RSA Encryption and decryption algorithm

Unlike DES, in the RSA algorithm, each communication body has two keys, one public key and one private key.

There's 2 keys.
1. Data can be encrypted using PublicKey
2. Use key to decrypt data
Single direction transmission
Data encrypted with the public key, only the private key can be solved (can be used for encryption);
At the same time, data encrypted with the private key can only be undone (signed) by the public key. But very slowly (100 to 1000 times times slower than private key encryption),
The main algorithm of public key is RSA, also includes Blowfish,diffie-helman and so on

Public and private keys
1. The authoritative digital Certification authority (CA) issues public and private keys to all communication principals (individuals or organizations), and is uniquely paired with each other.
2. The private key is like a digital fingerprint with decryption and encryption capabilities. Personal safekeeping, not public.
3. Public key is similar to the security of extremely high registered mailbox address, public.

Example of public private key plus decryption

If there is a confidential digital commercial contract issued to B signed. After the following steps:
1. A use the public key of B to encrypt the contract.
2. Ciphertext sent from A to B.
3. b receives the ciphertext and decrypts it with its own private key.
4. Decryption is correct, after reading, B with his private key to sign the contract.
5. b uses the public key of A to encrypt the signed contract.
6. b Send the cipher to a.
7. A the signed contract is decrypted with your private key.
8. Correct the decryption and confirm the signature.

Public private key plus decryption instructions
From the above steps, we know:
1. Ciphertext encrypted with the public key can be solved only with the private key that is uniquely paired with it.
2. If a cipher is untied, it must be solved by the target information body of the ciphertext.
3. The private key is used for digital signatures and has legal effect because it uniquely identifies the property of the owner.

One. Public private key generation
1. Random selection of two large prime numbers p, Q.
2. Calculate public modulus n = PQ for public and private keys.
3. Calculate the Euler function φ (n) of the modulus N.
4. Select a positive integer e to make 1 < e <φ (n), and E with φ (n) coprime.
5. Calculate d, satisfy De≡1 (modφ (n)), (k is a positive integer).
6.N and E Determine the public key, and N and D determine the private key.

Two. Add decryption
The procedure is for Xiao Li message, the public key is Xiao Li's public key (N & E), the private key is Xiao Li's private key (N & D).
1. Xiao Zhang wants to give small Li Fa a message m, he first converts m to a large number M < n, and then uses the public key of Xiao Li (N & E) to encrypt m to another large number:
c = Me mod n
2. Xiao Li received a large number of small Zhang sent to the C, began to decrypt. With your own private key (N & D), get the original large number m:
m = CD mod n
3. Then convert m to m, Xiao Li gets the original message of the sheet.

This process can be passed because of the following equation:
Cd≡ (Me) d≡med (mod n)



The RSA detailed algorithm is as follows:

1. RSA algorithm

It is the first algorithm that can be used both for data encryption and for digital signatures. It is easy to understand and operate, and very popular. The name of the algorithm is named after the inventor: Ron Rivest, Adi Shamir and Leonard Adleman. However, the security of RSA has not been proved theoretically. It has gone through various attacks and has not been completely compromised so far.

First, the RSA algorithm:

First, find out three numbers, p, Q, R,
where P, Q is two different prime numbers, R is the number with (P-1) (q-1) coprime ...
P, Q, r these three numbers are private key

Then, find m, make rm = = 1 mod (p-1) (q-1) .....
This m must exist, because R and (p-1) (q-1) coprime, with the division of the method can be obtained ....
Again, calculate n = PQ ....
M, n These two numbers are public key

The encoding process is, if the data is a, consider it as a large integer, assuming a < n ....
If a >= n, the A is put into s carry (s <= N, usually take S = 2^t),
Each digit is less than n, and then the segment is encoded ...
Next, calculate b = = a^m mod n, (0 <= B < n),
B is the data after the code ...

The decoding process is to calculate c = = b^r MoD PQ (0 <= C < PQ),
So, the decoding is complete ... It will prove that C and a are actually equal:)

If a third person is eavesdropping, he will get several numbers: M, N (=PQ), b ...
If he wants to decode it, he must find a way to get R ...
So, he must first decompose n as a mass factor ...
To prevent him from decomposing, the most effective way is to find two very large prime numbers p, q,
It is difficult to decompose a third party ...


< theorem >
If p, Q is a distinct prime number, RM = = 1 mod (p-1) (q-1),
A is any positive integer, b = = a^m MoD PQ, c = = b^r MoD PQ,
Then c = = a mod PQ

The process of proving will use the Fermat theorem, which is described as follows:
M is any prime number, n is any integer, then n^m = = n MoD m
(In other words, if N and M coprime, then n^ (m-1) = = 1 mod m)
Using some basic knowledge of group theory, we can easily testify the Fermat theorem ....

< certifications >
RM = K (p-1) (q-1) + 1, where k is an integer because RM = = 1 mod (p-1) (q-1)
Because it's preserve multiplication in modulo.
(x = = y MoD z and u = = v MoD z = xu = yv MoD z),
So, c = = B^r = = (a^m) ^r = = a^ (rm) = = a^ (k (p-1) (q-1) +1) MoD PQ

1. If a is not a multiple of p and is not a multiple of Q,
Then a^ (p-1) = = 1 mod p (fermat theorem) = a^ (K (p-1) (q-1)) = = 1 mod p
a^ (q-1) = = 1 mod q (fermat theorem) = a^ (K (p-1) (q-1)) = = 1 mod q
So p, Q can all be divisible a^ (K (p-1) (q-1))-1 = PQ | a^ (K (p-1) (q-1))-1
IE a^ (k (p-1) (q-1)) = = 1 MoD PQ
= = c = a^ (K (p-1) (q-1) +1) = = a mod PQ

2. If a is a multiple of p, but not a multiple of Q,
Then a^ (q-1) = = 1 mod q (Fermat theorem)
= = a^ (k (p-1) (q-1)) = = 1 mod q
= = c = a^ (K (p-1) (q-1) +1) = = a mod q
= Q | C-a
Because P | A
= = c = a^ (K (p-1) (q-1) +1) = = 0 mod p
= P | C-a
So, PQ | C-a = c = = a mod PQ

3. If a is a multiple of Q but not a multiple of p, the same as

4. If a is a multiple of P and Q at the same time,
Then PQ | A
= = c = a^ (K (p-1) (q-1) +1) = = 0 MoD PQ
= PQ | C-a
= = c = a mod PQ
Q.E.D.


This theorem shows that a is encoded as B and then decoded to C, a = = c mod N (n = PQ) ....
But when we do encode decoding, the limit is 0 <= a < N, 0 <= c < N,
So that means a is equal to C, so this process does do the coding and decoding function .....

Ii. Security of RSA

RSA security relies on large number decomposition, but whether the equivalent of large number decomposition has not been proved theoretically, because there is no proof that the decryption of RSA must be a large number decomposition. Suppose there is an algorithm that does not need to decompose large numbers, it can certainly be modified to be a large number decomposition algorithm. At present, some variant algorithms of RSA have been proved to be equivalent to large number decomposition. In any case, decomposing n is the most obvious attack method. Now, people have been able to break down large primes of multiple decimal digits. Therefore, the modulus n must be selected larger, depending on the specific application of the case.

Third, the speed of RSA

Due to the large number of calculations, RSA is the fastest case is also slower than DES, both software and hardware implementation. Speed has been a drawback of RSA. Generally, only a small amount of data encryption is used.

Four, RSA's Choice cipher-text attack

RSA is vulnerable in the face of the choice of ciphertext attacks. A typical attacker is to disguise a message (Blind) and let the entity with the private key sign. Then, after calculating, you get the information that it wants. In fact, the attack exploits the same weakness, which is the fact that the exponentiation retains the input multiplication structure:

(XM) ^d = x^d *m^d mod n

As mentioned earlier, this inherent problem comes from the most useful feature of the public key cryptography system--everyone can use the public key. But from the algorithm can not solve this problem, the main measures are two: one is to use a good public key protocol, to ensure that the work process entities do not have any information generated by other entities to decrypt, do not know their own information signature; the other is never sent to strangers. Random document Signature, first use one-way Hashfunction hash the document, or use a different signature algorithm at the same time. Several different types of attack methods are mentioned in.

V. RSA's public modulus attack

If there is a module in the system, only different people have different E and D, the system will be dangerous. The most common scenario is that the same information is encrypted with a different public key, which is common and coprime, and that information can be recovered without a private key. Set p as the information plaintext, two encryption keys are E1 and E2, the public modulus is N, then:

C1 = p^e1 mod n

C2 = p^e2 mod n

The cipher analysts know that N, E1, E2, C1, and C2 can get p.

Because E1 and E2 coprime, so with the Euclidean algorithm can find R and S, meet:

R * E1 + S * E2 = 1

Assuming that R is negative, and the Euclidean algorithm is used to calculate the c1^ (-1), then

(c1^ ( -1)) ^ (-r) * c2^s = P mod n

In addition, there are several other methods of using common modulus attacks. In summary, if you know a pair of E and D for a given modulus, one is helpful for the attacker to decompose the modulus, one is to help the attacker to calculate the other pairs of e ' and d ', without decomposition modulus. There is only one solution, that is, do not share modulus N.

RSA's small exponential attack. One of the suggestions for improving RSA speed is to make the public key e take a smaller value, which makes encryption easier to implement, with
Improved. But it is not safe to do so, and the answer is that both E and D take a larger value.

The RSA algorithm is the first algorithm that can be used for both encryption and digital signature, and it is easy to understand and manipulate. RSA is the most widely researched public-key algorithm, from the proposed to now nearly 20 years, experienced a variety of attacks, gradually accepted by people, generally considered to be one of the best public key scheme at present. RSA's security relies on the factorization of large number of factors, but it does not theoretically prove that the difficulty of deciphering RSA is equivalent to the difficulty of large number decomposition. The major flaw of RSA is that it can't theoretically grasp its secrecy performance, and the majority of cryptography scholars tend to factor decomposition is not NPC problem. The disadvantages of RSA mainly include: a) it is troublesome to generate the key, which is limited by the technology of the prime number, so it is difficult to do it once. B) packet length is too large, in order to ensure security, n at least more than bits, so that the computational cost is very high, especially slow, more than symmetric cipher algorithm several orders of magnitude, and with the development of large number decomposition technology, this length is still increasing, not conducive to the standardization of data format. Currently, the SET (Secure Electronic Transaction) protocol requires a CA to use a key that is more than a strong key, and other entities using the bit's keys.

RSA Encryption and decryption algorithm