Data Encryption--a detailed explanation of the principle and implementation of RSA encryption algorithm

Introduction to RSA Algorithms

RSA is one of the most popular asymmetric encryption algorithms. Also known as public-key cryptography. It was proposed by Ronald Leevist (Ron rivest), Adi Samor (Adi Shamir) and Lennard Adman (Leonard Adleman) in 1977. At the time, all three of them worked at MIT. RSA is the first letter of their three surnames made together.

RSA is asymmetric, that is, the key used to encrypt and the key to decrypt is not the same.

Like DES,RSA is also a packet encryption algorithm, and the difference is that the packet size can vary depending on the size of the key. If the encrypted data is not an integer multiple of the grouping size, additional padding bits are added depending on how the application is applied.

RSA is an asymmetric encryption algorithm, one of the most important features is that when data is transmitted over the network, the key used to encrypt the data does not need to be transmitted along with the data. As a result, this reduces the likelihood of key leaks. RSA is also useful when encryption is not allowed to decrypt data, the encrypted party uses a key, called the public key, and the decrypted party uses another key, called the private key, and the private key needs to remain private.

RSA is considered very secure, but it is much slower to compute than DES. As with DES, its security has never been proven, but it is extremely difficult to break down the factorization of large numbers (at least 200 bits) of the RSA algorithm. Therefore, because of the lack of effective methods to solve the factorization of large numbers, it can be extrapolated that there is no effective way to crack RSA.

RSA algorithm based on the principle, basically, the encryption and decryption of data around the modular power operation , which is a model calculation. Modulus calculation is a common form in integer computation. The result of x mod n is the remainder of the x/n. For example, the MoD 13 = 1, because 40/13 = 3, the remainder is 1. modulo exponentiation is the process of calculating AB mod n.

Calculating public and private keys

The public and private keys in RSA need to be combined to work together. The public key is used to encrypt a block of data, after which only the corresponding private key can be used for decryption. When you generate a key, you need to follow several steps to ensure that this relationship between the public and private keys works correctly. These steps also ensure that there is no practical way to eject another from one key.

Before starting, first select two large primes, which are recorded as P and Q. These two numbers should be at least 200, which can be considered safe in practice, depending on the level of technology currently used to solve large numbers of factors.

Then, start calculating N:

n = PQ

Next, select a small odd e, which will be part of the public key. The most important thing to consider when choosing e is that it cannot have the same factor as (P-1) (q-1). In other words, E and (p-1) (q-1) are the prime relations of each other. For example, if p=11 and q=19, then n=11 X 19=209. Choose E=17 here, because (p-1) (q-1) =10 X 18 = 180, while 17 and 180 do not have the same factor. Usually choose 3, 17, 65, 537 as the value of E. Using these values does not affect the security of RSA because the private key is required to decrypt the data.

Once you have selected a value for E, the next step is to calculate the corresponding value d,d will be part of the private key. The value of D is to calculate the modulo result of the reciprocal pair (p-1) (q-1) of E, the formula is as follows:

d = e-1 mod (p-1) (q-1)

Here D and E are the relations of modulo multiplication inverse element.

Consider this question: when D is how much can you meet Ed MoD (p-1) (q-1) = 1? For example, in Equation 17d mod 180 = 1, a possible value of D is 53. The other possible values are 233, 413, 593, and so on. In practice, the Euclidean algorithm can be used to compute the modulo multiplication inverse element. It will not unfold here.

Now with the values of E and D, the (e,n) as the public key p, (d,n) as the private key s and keep it invisible. Expressed as:

P = (e,n), S = (d,n)

The encrypting party uses p to encrypt the data, and the decryption party uses S to decrypt it. to prevent a person from knowing that P is not able to deduce s, you must ensure that the values of P and Q are absolutely not exposed .

The security provided by the combination of P and s comes from the fact that multiplication is a good one-way function.

one-way functions are the basis of cryptographic techniques . simply put, one-way functions can easily work out the results in one direction, but the inverse derivation is impractical . For example, in the RSA algorithm, the performance of P and Q is a one-way function, because although it is easy to calculate the scores of P and Q, it is extremely time-consuming to decompose the N-inverse factor into p and Q. Here, the selected p and Q values are large enough to be able.

The steps to calculate p and s originate from some interesting properties of the Euler function. In particular, these properties allow for some useful operations on modulo-exponentiation operations.

The Euler function is a φ (n), which defines the number of integers in and n of all positive integers less than n .

Only if the only common factor of two integers is 1 o'clock, the two integers are said to be mutually exclusive. For example, φ (8) = 4, because altogether only 4 of the integers that are smaller than 8 are mutually 1,3,5,7.

The Euler equation has two properties that are particularly important for the RSA algorithm.

First, when n is a prime number, φ (n) =n-1. This is because the only factor for n is 1 and n, so that N and all previous n-1 positive integers are mutually interdependent.

Another interesting property is the Aφ (n) mod n = 1 for any positive integer A that is less than N and N. For example, mod 8 = 1, mod 8 = 1, mod 8 = 1, and 8 mod = 1. Multiply a on both sides of the above equation to get:

(a) (aφ (n) mod n) =a, or aφ (n) +1 mod n = a

As a result, you can get mod 8 = 1, mod 8 = 3, mod 8 = 5, and mod 8 = 7.

The equation obtained after adjustment is very powerful. because for some equations C = Me mod n, that equals can let us find a value of D, so that CD mod n = M.

This is the identity that the RSA algorithm allows to encrypt data and then decrypt it back to the original. Can be expressed as follows:

CD mod n = (me) d mod n = med mod n = mφ (n) +1 mod n = m mod n

The relationship between the Euler function and the exponent guarantees that any data that is encrypted can be uniquely decrypted back. In order to find the value of D, solve equation d = e-1φ (n) +1. Unfortunately, for the equation d = e-1φ (n) +1, there is not always an integer solution. In order to solve this problem, we calculate

The value of D modφ (n). In other words, D = (e-1φ (n) + 1) modφ (n) can be simplified to:

D = e-1 modφ (n)

We can get this simplified form because (φ (n) +1) modφ (n) = (φ (n) +1)-φ (n) = 1. You can use any positive integer instead of φ (n) to prove that the equation is true. Note that this equation is similar to the derivation of D in the process of calculating the key previously. This provides a way to calculate D by E and N. Of course, E and N are public and are known to attackers, so it was asked, is it not the same opportunity for attackers to figure out the private key? Discussion here, it is time to explore the RSA algorithm security protection.

the security guarantee of RSA algorithm comes from the important fact that Euler's function is multiplicative in nature . This means that if p and Q are mutual, then there is φ (PQ) =φ (p) φ (q). Therefore, if there are two prime numbers p and Q, and N=p*q, then φ (n) = (p-1) (q-1), and most importantly:

d = e-1 mod (p-1) (q-1)

thus, although an attacker may know the values of E and N, in order to calculate that D must know Φ (n), this must be done simultaneously with the values of P and Q . Since P and Q are not known, an attacker can only calculate the n factor, which is a fairly time-consuming process as long as the given p and Q values are large enough.

Encrypt and decrypt data groupings

To encrypt and decrypt data using the RSA algorithm, first determine the size of the grouping . To achieve this, you must ensure that the maximum number of values that the grouping can hold is less than the number of digits of n . For example, if both P and q are prime numbers of 200 digits, the result of N will be less than 400 bits. Thus, the maximum value that can be saved by the selected grouping should be close to 400. in practice, the number of bits that are usually chosen is the power of 2 of the whole number that is smaller than n . For example, if n is 209, the packet size to select is 7 bits, because 27 = 128:209 is small, but 28 = 256 is greater than 209.

to encrypt the group (i) in clear-text mi from buffer m, use the public key (E,n) to get the value of M, ask it an E power, and then modulo n . This will result in a set of ciphertext CI. The modulo operation on n ensures that the CI will be aligned with the packet size of the plaintext . Thus, the plaintext groupings to be encrypted are:

Ci = Mie mod n

As mentioned before, Euler's function is the basis for encrypting data using power-mode operation, which can be decrypted back to the original text according to Euler function and its derivation.

to decrypt the cipher (i) in C in the buffer, use the private key (D,n) to get the numeric part of CI, power it D, and then modulo n . This will result in a set of plaintext mi. Therefore, to decrypt the text groupings are:

Mi = Cid mod n

Interface definitions for RSA

Rsa_encipher

void Rsa_encipher (Huge plaintext, Huge *ciphertext, Rsapubkey PubKey);

return value : none

Description : uses the RSA algorithm to encrypt the plaintext groupings specified by plaintext .

PubKey is the specified public key (E,n), which is of type struct rsapubkey.

Ciphertext is a cipher group that returns the same size as plaintext. The caller is responsible for managing the storage space associated with the ciphertext. To encrypt large segments of data, you can call Rsa_encipher in the packet encryption mode described earlier.

complexity : O (1)

Rsa_decipher

void Rsa_decipher (Huge ciphertext, Huge *plaintext, Rsaprikey Prikey)

return value : none

Description : Uses the RSA algorithm to decrypt the ciphertext groupings specified by the ciphertext.

Prikey is the specified private key (D,n), which is of type struct rsaprikey.

PlainText is a clear text group that returns the same size as ciphertext. The caller is responsible for managing the storage space associated with the plaintext. To decrypt large pieces of data, you can call Rsa_decipher in the packet encryption mode described earlier.

complexity : O (1)

Implementation and analysis of RSA algorithm

Because the RSA encryption algorithm only needs to calculate the AB mod n, the basic implementation is relatively simple. The key is to calculate the function of the power modulus.

However, for RSA security to be secured, a large number of integers must be used, which makes things more complicated. In particular, all the integers used in the calculation must be twice times the number of key bits (as seen later in the Power-mode calculation). Therefore, if the key is a 200-bit integer, an abstract data type is required to support at least 400-bit integers.

There are already some libraries available for large number operations. Specific implementations are no longer available here. In the example of the data encryption header file, the data type huge is defined, and in a secure implementation, a TypeDef alias can be specified for the huge type to support the selected large integer abstract data type. The rest of the requirements are only the operations supported by the huge type for the operator in the Replace integer calculation. For illustrative purposes, the huge type is defined as unsigned long in the implementation here, and the C language built-in type typically only provides support for 10-bit decimal numbers. This means that the implementation given by the implementation example later can only support keys of up to 5-bit integers. Therefore, although the implementation in the example is available, this implementation is not secure if the huge is not redefined as a large number type.

Rsa_encipher

The Rsa_encipher function uses the RSA algorithm to encrypt plaintext packets.

By calling the function Modexp to calculate the value of the AB mod N, where a represents the plaintext grouping, B and n represent the E and N members of the public key. To improve execution efficiency, MODEXP uses an algorithm called a square-multiplication to calculate the modulus of power.

The binary squared-multiply algorithm avoids the super-large intermediate values that occur when a and B are large when you calculate AB. For example, suppose that when a, B, and n are very large integers that contain 200-digit numbers, the result is a 40 000-bit integer modulo the 200-bit integer for the AB mod n. Because the end result is a 200-bit integer, the goal here is to avoid the intermediate value of 40 000-bit integers.

The binary square-multiplication algorithm is used to calculate the AB mod n, which is mainly the result of multiple open-square operations (e.g.). First, the B is represented as a binary form, and then the right bit begins processing . for each bit in B, the result of a squared pair n is obtained and the result is assigned to a. whenever a bit of 1 in B is encountered, the current a value is multiplied by another register Y (the initial value is 1) and the result is assigned to Y. Once you iterate to the most significant bit of B, the value of Y is the result of AB mod n . The maximum value generated during the entire calculation is A2. Therefore, if a is an integer that contains 200-bit numbers, you do not have to deal with numbers larger than 400 digits. This is already a big optimization relative to the 40 000-digit integer mentioned earlier. The shaded section shows the process of calculating 511 mod, 828 mod 53 = 20. In this calculation process, the maximum value processed is only 422 = 1764 compared to 511 = 48 828 125.

Diagram: Using a binary square-multiplication algorithm to calculate the modulus of power

The time complexity of the Rsa_encipher is O (1), since all steps to encrypt a clear text packet can be completed in a constant time. Because the size of the grouping is fixed, the loop execution time in the modexp is also constant.

Rsa_decipher

the Rsa_decipher function uses the RSA algorithm to decrypt the cipher packets .

The operation is decrypted by calling Modexp. Modexp calculates the results of AB mod n, where A is a cipher group, and B and n represent the private key members D and N. The process is the same as described in Rsa_decipher.

The time complexity of the Rsa_decipher is O (1), because all the steps of the decryption text group can be completed in a constant time. Because the grouping size is fixed, the loop execution time in the modexp is also constant.

Example: header file code for data encryption

/*encrypt.h*/#ifndef Encrypt_h#defineEncrypt_h/*in a secure implementation, the Huge must have a minimum of 400-bit 10 decimal digits*/typedef unsignedLongHuge;/*define a data structure for the RSA public key*/typedefstructrsapubkey_{Huge E; Huge N;} Rsapubkey;/*define a data structure for the RSA private key*/typedefstructrsaprikey_{Huge D; Huge N;} Rsaprikey;/*function Declaration*/voidDes_encipher (ConstUnsignedChar*plaintext, unsignedChar*ciphertext,ConstUnsignedChar*key);voidDes_decipher (ConstUnsignedChar*ciphertext, unsignedChar*plaintext,ConstUnsignedChar*key);voidRsa_encipher (Huge plaintext, Huge *ciphertext, Rsapubkey PubKey);voidRsa_decipher (Huge Ciphertext,huge *plaintext, Rsaprikey prikey);#endif //Encrypt_h

Example: implementation of the RSA algorithm

/*rsa.c RSA Algorithm implementation*/#include"encrypt.h"/*modexp binary square multiplication algorithm function*/StaticHuge Modexp (Huge A, Huge B, Huge N) {Huge y; /*use binary square multiplication to calculate pow (A, b)% n*/y=1;  while(b! =0)    {        /*for each 1 in B, accumulate y*/                if(B &1) y= (y*a)%N; /*for each bit in B, calculate the square of a*/a= (a*a)%N; /*prepare the next one in B.*/b= b>>1; }        returny;}/*rsa_encipher RSA algorithm Encryption*/voidRsa_encipher (Huge plaintext, Huge *ciphertext, Rsapubkey PubKey) {    *ciphertext =modexp (plaintext, PUBKEY.E, PUBKEY.N); return;}/*rsa_decipher RSA algorithm decryption*/voidRsa_decipher (Huge ciphertext, Huge *plaintext, Rsaprikey prikey) {    *plaintext =modexp (ciphertext, PRIKEY.D, PRIKDY.N); return;}

Data Encryption--a detailed explanation of the principle and implementation of RSA encryption algorithm