RSA algorithm Introduction

Source: Internet
Author: User
Tags: modulus

RSA is the first algorithm that can be used for both data encryption and digital signatures. It is easy to understand and implement, and it is widely used. The algorithm is named after its inventors Ron Rivest, Adi Shamir and Leonard Adleman. However, the security of RSA has never been proved theoretically; it has withstood many attacks and has not been completely broken so far.

I. The RSA algorithm

First, choose three numbers p, q, r,
where p and q are two different prime numbers and r is a number coprime to (p-1)(q-1).
The three numbers p, q and r are the private key.

Next, find m such that rm = 1 mod (p-1)(q-1).
Such an m must exist because r and (p-1)(q-1) are coprime; it can be computed with the extended Euclidean algorithm.
Then compute n = pq.
m and n are the public key.

The encoding process: if the data is a, treat it as a large integer and assume a < n.
If a >= n, write a in base s (s <= n, usually s = 2^t);
then every digit is less than n, and each digit is encoded separately as follows.
Compute b = a^m mod n (0 <= b < n);
b is the encoded information.

The decoding process is to compute c = b^r mod pq (0 <= c < pq).
It will be proved below that c and a are in fact equal.

If a third party eavesdrops, it obtains several numbers: m, n (= pq) and b.
To decode, it must find a way to obtain r,
and for that it must first factor n into primes.
The most effective way to prevent factoring is to choose two very large primes p and q,
making it infeasible for a third party to factor n.
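The key setup, encoding and decoding above, as an added example in the article's own notation (p, q, r private; m, n public), including the base-2^t splitting of a message a >= n. This is illustration code, not the article's; the primes and message are constructed toy values.

```python
# Added example (not from the original article): RSA with the article's naming.
# p, q, r are the private numbers, (m, n) the public pair, and a message
# a >= n is split into base-s digits with s = 2^t <= n, as described above.
from math import gcd

def make_keys(p, q, r):
    """Return the public pair (m, n) from the private numbers p, q, r."""
    phi = (p - 1) * (q - 1)
    if gcd(r, phi) != 1:
        raise ValueError("r must be coprime to (p-1)(q-1)")
    m = pow(r, -1, phi)          # extended Euclid: r*m = 1 mod (p-1)(q-1)
    return m, p * q

def split_base(a, s):
    """Write a in base s, least-significant digit first (each digit < s <= n)."""
    digits = []
    while a:
        a, d = divmod(a, s)
        digits.append(d)
    return digits or [0]

def join_base(digits, s):
    """Inverse of split_base."""
    a = 0
    for d in reversed(digits):
        a = a * s + d
    return a

def encode(a, m, n, t):
    """b_i = a_i^m mod n for every base-2^t digit a_i of a (textbook RSA, no padding)."""
    s = 1 << t
    if s > n:
        raise ValueError("2^t must not exceed n, or a digit could be >= n")
    return [pow(d, m, n) for d in split_base(a, s)]

def decode(blocks, r, p, q, t):
    """c_i = b_i^r mod pq; by the theorem c_i = a_i, so reassemble a."""
    n = p * q
    return join_base([pow(b, r, n) for b in blocks], 1 << t)

if __name__ == "__main__":
    # Constructed toy values; real keys use primes of hundreds of digits.
    p, q, r = 61, 53, 17
    m, n = make_keys(p, q, r)        # m = 2753, n = 3233
    a = 123456789                    # a >= n, so it is split into 8-bit digits
    blocks = encode(a, m, n, 8)
    print(m, n, blocks, decode(blocks, r, p, q, 8) == a)
```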

<Theorem>
If p and q are different primes, rm = 1 mod (p-1)(q-1),
a is any positive integer, b = a^m mod pq and c = b^r mod pq,
then c = a mod pq.

The proof uses Fermat's little theorem, which states:
if m is any prime and n is any integer, then n^m = n mod m
(equivalently, if n and m are coprime, then n^(m-1) = 1 mod m).
Fermat's little theorem is easily proved with some basic group theory.

<Proof>
Since rm = 1 mod (p-1)(q-1), rm = k(p-1)(q-1) + 1 for some integer k.
Because congruence modulo z preserves multiplication
(x = y mod z and u = v mod z => xu = yv mod z),
we have c = b^r = (a^m)^r = a^(rm) = a^(k(p-1)(q-1)+1) mod pq.

1. If a is neither a multiple of p nor a multiple of q,
then a^(p-1) = 1 mod p (Fermat's theorem) => a^(k(p-1)(q-1)) = 1 mod p,
and a^(q-1) = 1 mod q (Fermat's theorem) => a^(k(p-1)(q-1)) = 1 mod q.
So both p and q divide a^(k(p-1)(q-1)) - 1 => pq | a^(k(p-1)(q-1)) - 1,
that is, a^(k(p-1)(q-1)) = 1 mod pq
=> c = a^(k(p-1)(q-1)+1) = a mod pq.

2. If a is a multiple of p but not a multiple of q,
then a^(q-1) = 1 mod q (Fermat's theorem)
=> a^(k(p-1)(q-1)) = 1 mod q
=> c = a^(k(p-1)(q-1)+1) = a mod q
=> q | c - a.
Because p | a,
=> c = a^(k(p-1)(q-1)+1) = 0 = a mod p
=> p | c - a.
Therefore pq | c - a => c = a mod pq.

3. If a is a multiple of q but not a multiple of p, the argument is the same as in case 2 with p and q exchanged.

4. If a is a multiple of both p and q,
then pq | a
=> c = a^(k(p-1)(q-1)+1) = 0 = a mod pq
=> pq | c - a
=> c = a mod pq.
Q.E.D.

This theorem shows that when a is encoded as b and decoded as c, a = c mod n (n = pq).
Since encoding and decoding require 0 <= a < n and 0 <= c < n,
a is equal to c, so the process does implement encoding and decoding correctly.

II. Security of RSA

The security of RSA depends on the difficulty of factoring large numbers, but it has not been proved theoretically that breaking RSA is equivalent to factoring, because it has not been shown that breaking RSA requires factoring a large number. If there were an algorithm that breaks RSA without factoring, it is supposed that it could be modified into a factoring algorithm. At present, some variants of RSA have been proved equivalent to factoring. In any case, factoring n is the most obvious attack. People can now factor numbers with many decimal digits, so the modulus n must be large; how large depends on the specific application.

III. RSA speed

Because it performs arithmetic on very large numbers, RSA at its fastest is still slower than DES, whether implemented in software or hardware. Speed has always been a weakness of RSA, so it is generally used only to encrypt small amounts of data.

IV. RSA chosen-ciphertext attack

RSA is vulnerable to chosen-ciphertext attacks. Typically the attacker disguises a message and gets the key holder to sign it with the private key; the desired result is then recovered by computation. The attack exploits one weakness: exponentiation preserves the multiplicative structure of its input:

(xm)^d = x^d * m^d mod n

As mentioned above, this inherent problem comes from the most useful feature of public key cryptography: everyone can use the public key. The algorithm itself cannot solve this problem; there are two main measures. One is to use a good public key protocol, ensuring that an entity never decrypts information generated by another entity during the protocol and never signs information whose content it does not know. The other is never to sign a random document sent by a stranger: when signing a document, first hash it with a one-way hash function, or use a different signature algorithm at the same time. Several different attack methods of this kind have been mentioned.
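The multiplicative identity above and the hash-before-signing measure, as an added example that is not part of the original article: raw RSA signatures satisfy (xm)^d = x^d * m^d mod n, while signing a SHA-256 hash of the document does not. The key built from the Mersenne primes 2^31-1 and 2^61-1 is a constructed toy, far too small for real use.

```python
# Added example (not from the original article): the multiplicative property
# of raw RSA signatures beside the hash-then-sign measure the text recommends.
import hashlib

P, Q = 2**31 - 1, 2**61 - 1          # both prime (Mersenne); toy sizes only
N = P * Q                            # about 92 bits, fits in 12 bytes
E = 65537                            # public exponent, coprime to (P-1)(Q-1)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: E*D = 1 mod (P-1)(Q-1)

def raw_sign(x):
    """Textbook RSA signature applied directly to the number x: x^d mod n."""
    return pow(x, D, N)

def digest_int(message: bytes):
    """One-way hash of the document, reduced to a residue mod n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def hashed_sign(message: bytes):
    """Sign the hash of the document instead of the document itself."""
    return pow(digest_int(message), D, N)

def verify(sig, message: bytes):
    """Verifier side: recompute the hash and compare with sig^e mod n."""
    return pow(sig, E, N) == digest_int(message)

def raw_is_multiplicative(x, m):
    """True for every x, m: sig(x*m) equals sig(x)*sig(m) mod n."""
    return raw_sign(x * m % N) == raw_sign(x) * raw_sign(m) % N

def hashed_is_multiplicative(x, m):
    """Hashing first destroys the relation, so this is False (except with
    probability about 2^-92 for this toy modulus)."""
    to_doc = lambda v: v.to_bytes(12, "big")
    lhs = hashed_sign(to_doc(x * m % N))
    rhs = hashed_sign(to_doc(x)) * hashed_sign(to_doc(m)) % N
    return lhs == rhs

if __name__ == "__main__":
    x, m = 123456789, 987654321
    print(raw_is_multiplicative(x, m), hashed_is_multiplicative(x, m))
    print(verify(hashed_sign(b"contract"), b"contract"))
```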

V. RSA common modulus attack

If the system uses a single modulus but different people have different e and d, the system is at risk. The most common situation is that the same message is encrypted with two different public keys. These public keys share the modulus and their exponents are coprime, so the message can be recovered without either private key. Let P be the plaintext, e1 and e2 the two encryption keys, and n the common modulus; then:

c1 = P^e1 mod n

c2 = P^e2 mod n

The cryptanalyst knows n, e1, e2, c1 and c2 and wants to obtain P.

Because e1 and e2 are coprime, the Euclidean algorithm can be used to find r and s satisfying:

r * e1 + s * e2 = 1

Assume r is negative; the Euclidean algorithm is used again to compute c1^(-1) mod n. Then:

(c1^(-1))^(-r) * c2^s = P mod n

There are several other ways to attack a common modulus. In short, if one pair of e and d is known for a given modulus, this helps an attacker to factor the modulus, and it also helps to compute other pairs of e and d without factoring the modulus. There is only one remedy: do not share the modulus n.
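The r*e1 + s*e2 = 1 computation described above, as an added example that is not from the original article, together with the key-issuance check that enforces the remedy (never reuse n). The modulus 3233 = 61 * 53, the exponents 17 and 7 and the plaintext 1234 are constructed toy values.

```python
# Added example (not from the original article): why two users must never
# share a modulus. One plaintext P encrypted under (e1, n) and (e2, n) with
# gcd(e1, e2) = 1 is recovered from the ciphertexts alone, via Bezout.

def ext_gcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = ext_gcd(b, a % b)
    return g, y, x - (a // b) * y

def common_modulus_recover(n, e1, c1, e2, c2):
    """Recover P from c1 = P^e1 mod n and c2 = P^e2 mod n (e1, e2 coprime)."""
    g, r, s = ext_gcd(e1, e2)            # r*e1 + s*e2 = 1
    if g != 1:
        raise ValueError("e1 and e2 must be coprime for this recovery")
    # Exactly one of r, s is negative; a negative exponent is handled by
    # raising the modular inverse of that ciphertext (c^-1 mod n) instead.
    if r < 0:
        c1, r = pow(c1, -1, n), -r
    if s < 0:
        c2, s = pow(c2, -1, n), -s
    return (pow(c1, r, n) * pow(c2, s, n)) % n   # = P^(r*e1 + s*e2) = P

def shares_modulus(issued_moduli, new_n):
    """Defensive check at key issuance: refuse any n already in use."""
    return new_n in issued_moduli

if __name__ == "__main__":
    n = 3233                              # 61 * 53, constructed toy modulus
    e1, e2 = 17, 7                        # two coprime public exponents
    P = 1234
    c1, c2 = pow(P, e1, n), pow(P, e2, n)
    print(ext_gcd(e1, e2))                # (1, -2, 5): -2*17 + 5*7 = 1
    print(common_modulus_recover(n, e1, c1, e2, c2) == P)
    print(shares_modulus({n}, n))         # True: this key must be rejected
```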

VI. RSA small exponent attack

It is often recommended to set the public exponent e to a small value to speed up RSA, which makes encryption easier and faster. However, this is not safe. The solution is to take large values for both e and d.

RSA is the first algorithm that can be used for both encryption and digital signatures, and it is easy to understand and implement. RSA is the most widely studied public key algorithm. In the nearly two decades since it was proposed it has withstood various attacks and has gradually gained acceptance; it is generally regarded as one of the best public key schemes. The security of RSA depends on factoring large numbers, but it has not been proved theoretically that breaking RSA is as hard as factoring. That is, the major defect of RSA is that its security cannot be established theoretically. Moreover, most people in the cryptographic community tend to believe that factoring is not an NP-complete (NPC) problem. The main disadvantages of RSA are as follows: a) Key generation is cumbersome, being limited by prime generation technology, so it is difficult to use a fresh key for every message. b) The block length is too large: to ensure security, n must be at least 600 bits, which makes computation expensive and, above all, slow, several orders of magnitude slower than symmetric algorithms; and as factoring technology advances this length keeps growing, which is not conducive to standardizing data formats. Currently the SET (Secure Electronic Transaction) protocol specifies one key length for the CA and another for other entities.

This article is from the Internet; the copyright belongs to the original author and the sites that published it. It is collected here for reference only.
