Original article: http://www.cfca.com.cn/zhishi/wz-012.htm
The figure shows the inventor of RSA public key algorithm, from left to right Ron Rivest, Adi Shamir, Leonard Adleman. The photo was taken on January 1, 1978.
The RSA encryption algorithm is the most common asymmetric encryption algorithm, and CFCA cannot leave it in the certificate service. However, many new colleagues don't know much about it. They just see that the author in a book uses examples to describe it in a simplified and vivid way, so that profound mathematical theories can be easily understood. We recommend that you read this article after sorting out and rewriting. We hope it will be helpful for colleagues who are busy but want to know about it.
RSA is the first perfect Public Key algorithm. It can be used for both encryption and digital signature. RSA is named by the first letter of its three inventors Ron Rivest, Adi Shamir, and Leonard Adleman. This algorithm has withstood years of in-depth password analysis, although cryptographic analysts cannot prove or deny the security of RSA, it just shows that the algorithm has a certain credibility and has become the most popular public key algorithm.
RSA Security is based on the difficulty of big number decomposition. The public key and private key are functions of a large prime number (100 to 200 digits in decimal number or greater. The difficulty of recovering plaintext from a public key and ciphertext is equivalent to decomposing the product of two large prime numbers (this is a recognized mathematical problem ).
The composition of the RSA public key and private key, and the encryption and decryption formulas are as follows:
Maybe my colleagues have not been familiar with mathematics for a long time, and reading these formulas is confusing. Don't worry. Before officially explaining the RSA encryption algorithm, let's first review several basic mathematical concepts. They will be used in the following introduction:
1. What is a "prime number "?
A prime number is such an integer. Apart from being expressed as the product of itself and 1, it cannot represent the product of any other two integers. For example, 15 = 3*5, so 15 is not a prime number, and 12 = 6*2 = 4*3, so 12 is not a prime number. Besides 13*1, 13 cannot represent the product of any two integers. Therefore, 13 is a prime number. A prime number is also called a prime number ".
2. What is "prime number" (or "prime number ")?
The elementary school mathematics textbook defines the number of interchange items as follows: "There is only one common number, which is called the number of interchange items ." The "two numbers" here refer to natural numbers.
There are mainly the following types of discriminant methods (not limited to this ):
(1) two prime numbers must be mutual prime numbers. For example, 2, 7, 13, and 19.
(2) If one prime number cannot be divided into another aggregate number, the two numbers are mutually prime numbers. For example, 3, 10, 5, and 26.
(3) 1. It is neither a prime nor a combination. It is a mass number together with any natural number. For example, 1 and 9908.
(4) two adjacent natural numbers are mass numbers. For example, 15 and 16.
(5) The two adjacent odd numbers are mass numbers. For example, 49 and 51.
(6) A large number is a prime number. For example, 97 and 88.
(7) decimals are prime numbers. A large number is not a multiple of decimal numbers. For example, 7 and 16.
(8) both numbers are equal (two numbers have big difference). All the prime factors in decimal places are not the approximate numbers of large numbers. These two numbers are mutual numbers. For example, 357 and 715,357 = 3 × 7 × 17, and 3, 7, and 17 are not 715 digrams. And so on.
3. What is modulo Exponent?
No one knows about exponential operations. Let's talk about modulo operations first. The modulo operation is an integer operation. There is an integer m, where n is used as the modulo operation, that is, M mod n. What should we do? M is divisible by N, and only the remainder obtained is used as the result, which is called a modulo operation. For example, 10 mod 3 = 1; 26 mod 6 = 2; 28 mod 2 = 0.
The modulo exponent operation is performed first, and the result is obtained before the modulo operation. For example
Okay. Now we will officially introduce the RSA encryption algorithm.
Algorithm Description:
(1) Select a pair of different, large enough prime numbers p and q.
(2) calculate n = PQ.
(3) Calculate F (n) = (p-1) (q-1), while p, q strictly confidential, do not let anyone know.
(4) find a number e that interacts with F (n), and 1 <e <F (n ).
(5) calculate d, so that De has 1 Mod f (n ). This formula can also be expressed as D? E-1 Mod f (N)
Here we need to explain that attention is the symbol in number theory that represents the same remainder. In the formula, the left side of the TRIM symbol must be the same as the right side of the symbol, that is, the result of the two-side modulo operation is the same. Obviously, no matter what value F (n) gets, the result of 1 Mod f (n) on the right of the symbol is equal to 1; the result of the modulo operation on the product of D and E on the left side of the symbol must be equal to 1. In this case, the value of D needs to be calculated so that the same equality can be established.
(6) Public Key Ku = (E, n), private key Kr = (d, n ).
(7) during encryption, the plaintext is first converted to an integer m from 0 to n-1. If the plain text is long, it can be divided into appropriate groups and then exchanged. If the ciphertext is set to C, the encryption process is :.
(8) The decryption process is :.
Instance description:
In this article, it is impossible to strictly prove the correctness of the RSA algorithm, but we can use a simple example to understand the working principle of RSA. For ease of computing. In the following example, only the prime numbers P, Q, and E are selected. Assume that user a needs to encrypt the plaintext "key" and transmit it to user B through RSA. The process is as follows:
(1) Design public/private keys (E, n) AND (d, n ).
P = 3, q = 11, n = P x q = 3x11 = 33; F (n) = (PM) (q-1) = 2x10 = 20; take E = 3, (3 and 20 ing) then e x d fill 1 Mod f (N), that is, 3 x d fill 1 mod 20.
D. How to set the value? You can use the trial calculation method. The trial calculation result is shown in the following table:
Through the test, we find that when D = 7, E × d limit 1 Mod f (n) is the same as the remainder equation. Therefore, D = 7 is allowed. So we can design a pair of public and private keys. the encryption key (Public Key) is: Ku = (E, n) = (3, 33), and the decryption key (Private Key) is: KR = (d, n) = (7,33 ).
(2) English digitalization.
Digitizes plaintext information and groups two numbers each. Assume that the plaintext English letter encoding table is a numerical value in alphabetical order, that is:
The plaintext information of the key after the grouping is as follows: 11, 05, 25.
(3) Plaintext Encryption
The user's encryption key () encrypts the digital plaintext group information into passwords. Obtained by C Development me (mod n:
Therefore, the ciphertext information is as follows: 11, 31, 16.
(4) ciphertext decryption.
User B receives the ciphertext. If it decrypts the ciphertext, it only needs to be calculated, namely:
User B obtains the plaintext information: 11,05, 25. According to the above encoding table, convert it to English, and we get the restored original "key ".
As you can see, its principles can be simply explained!
Of course, the actual use is much more complicated than this. Because the length of the RSA public key (Modulo length) must reach 1024 or even 2048 bits, the security can be ensured, the selection of p, q, E, generation of public key and private key, encryption and decryption mode index operations have a certain number of computing programs, need to rely on computers to complete high-speed.
Finally, let's talk about the security of RSA.
First, let's discuss why the RSA password is difficult to crack?
In RSA cryptographic applications, the Public Key Ku is public, that is, the values of E and N can be obtained by third-party eavesdroppers. The problem of cracking the RSA password is to find the value of D from the known values of E and n (n is equal to PQ), so that the private key can be obtained to crack the ciphertext. We can see from the formula above: D-E-1 (mod (p-1) (q-1) or de-Mod (PM) (q-1. The essence of password cracking is: From the PQ value, to find (p-1) and (q-1 ). In other words, as long as the values of p and q are obtained, we can find the value of D and get the private key.
When p and q are a large prime number, the factors p and q are decomposed from their product PQ, which is a recognized mathematical problem. For example, when PQ reaches 1024 bits, no one has been able to use any computing tool to complete the factorization task so far. Therefore, it has been nearly two decades since RSA was proposed. It has been tested by various attacks and is gradually accepted by people. It is generally considered to be one of the best public key solutions.
However, although the security of RSA depends on the factorization of large numbers, it is not theoretically proved that the difficulty of deciphering RSA is equivalent to the difficulty of decomposing large numbers. That is, the major defect of RSA is that it cannot theoretically grasp its confidentiality performance.
In addition, the disadvantages of RSA are as follows: a) it is very difficult to generate keys, which is restricted by the technology of generating prime numbers. Therefore, it is difficult to achieve one-time password at a time. B) The Group length is too large. To ensure security, N must be at least 600 BITs, which results in a high computing cost, especially when the speed is low, which is several orders of magnitude slower than that of symmetric cryptographic algorithms; with the development of big data decomposition technology, this length is still increasing, which is not conducive to the standardization of data formats. Therefore, RSA can only encrypt a small amount of data, and a large amount of data encryption relies on symmetric encryption algorithms.