RSA algorithm record----excerpt

Principles of RSA Algorithm (i.)

"Public Key cryptography Algorithm".

Because it is the cornerstone of computer communication security, to ensure that the encrypted data will not be cracked. You can imagine the consequences of a credit card deal being cracked.

Before I get to the point, let me briefly introduce what is the public key cryptography algorithm.

11 Point History

Until 1976, all encryption methods were of the same pattern:

(1) Party A chooses a certain encryption rule to encrypt the information;

(2) Party B uses the same rule to decrypt the information.

Because encryption and decryption use the same rules ("Keys"), this is referred to as the "Symmetric Encryption Algorithm" (Symmetric-key algorithm).

This encryption mode has one of the biggest weaknesses: Party A must tell party b the encryption rules, otherwise it cannot be decrypted. Saving and passing a key is the most troubling question.

In 1976, two American computer science Whitfield Diffie and Martin Hellman proposed a new idea to complete decryption without passing the key directly. This is referred to as the "Diffie-hellman Key exchange Algorithm". This algorithm inspires other scientists. It is recognized that encryption and decryption can use different rules, as long as there is a corresponding relationship between the two rules, so that the direct transfer of the key is avoided.

This new encryption mode is called an "asymmetric encryption algorithm".

(1) Party B generates two keys (public and private). The public key is public and can be obtained by anyone, and the private key is confidential.

(2) Party A obtains the public key of party B, then uses it to encrypt the information.

(3) Party B obtains the encrypted information, decrypts with the private key.

If the public key encryption information only the private key solution, then as long as the private key does not leak, communication is safe.

In 1977, three mathematicians Rivest, Shamir, and Adleman designed an algorithm that could implement asymmetric encryption. This algorithm is named after their three people, called the RSA algorithm. From then until now, the RSA algorithm has been the most widely used "asymmetric encryption algorithm". It is no exaggeration to say that as long as there is a computer network, there is the RSA algorithm.

This algorithm is very reliable, the longer the key, it is more difficult to crack. According to the already disclosed literature, the longest RSA key currently cracked is 768 bits. In other words, a key that is longer than 768 bits is not cracked (at least not publicly announced). Therefore, it can be considered that the 1024-bit RSA key is basically secure, and the 2048-bit key is extremely secure.

Next, I'll get to the point and explain how the RSA algorithm works. The article is divided into two parts, today is the first part, introduces the four mathematical concepts to be used. As you can see, the RSA algorithm is not difficult, just need a bit of number theory knowledge can be understood.

Second, coprime relations

If two positive integers, except 1, have no other common factor, we call these two numbers a coprime relationship (coprime). For example, 15 and 32 have no common factors, so they are coprime relationships. This means that not prime numbers can also constitute coprime relationships.

With regard to coprime relations, it is not difficult to obtain the following conclusions:

1. Any two prime numbers constitute a coprime relationship, such as 13 and 61.

2. One number is prime, the other is not a multiple of the former, and the two constitute coprime relationships, such as 3 and 10.

3. If the larger of the two numbers is a prime number, the two constitute coprime relationships, such as 97 and 57.

4.1 and any of the natural numbers are coprime relationships, such as 1 and 99.

5. P is an integer greater than 1, then p and p-1 constitute coprime relationships, such as 57 and 56.

6. P is an odd number greater than 1, then p and p-2 constitute coprime relationships, such as 17 and 15.

Three, Euler functions

Consider the following questions:

Any given positive integer n, how many of the positive integers less than or equal to n constitute the coprime relationship? (for example, in 1 to 8, how many numbers and 8 constitute a coprime relationship?) ）

The method for calculating this value is called the Euler function, denoted by φ (n). Between 1 and 8, with 8 forming a coprime relationship is 1, 3, 5, 7, so φ (n) = 4.

The calculation method of φ (n) is not complicated, but in order to get the final formula, it is necessary to discuss it in one step.

First case

If n=1, then φ (1) = 1. Because 1 and any number (including itself) constitute a coprime relationship.

The second case

If n is a prime number, then φ (n) =n-1. Because prime numbers and each number less than it, constitute a coprime relationship. For example, 5 and 1, 2, 3, 4 constitute coprime relationship.

The third case

If n is a secondary of a prime number, that is, n = p^k (P is prime, and K is an integer greater than or equal to 1), the

For example φ (8) =φ (2^3) =2^3-2^2 = 8-4 = 4.

This is because only if a number does not contain prime numbers p, it is possible to coprime with N. The number of p^ (K-1), which contains prime numbers p, is 1XP, 2XP, 3xp 、...、 p^ (k-1) XP, which is removed and the remainder is the number of n coprime.

The above formula can also be written in the following form:

As you can see, the second case above is the exception to k=1.

Fourth case

If n can be decomposed into the product of an integer of two coprime,

n = p1xp2

The

φ (n) =φ (P1P2) =φ (p1) φ (p2)

The Euler function of the product is equal to the product of the Euler function of each factor. For example, φ (56) =φ (8X7) =φ (8) xφ (7) =4x6=24.

The proof of this article is to use the "Chinese remainder theorem", which does not unfold here, only a simple idea: if A and P1 coprime (A<P1), B and P2 coprime (B<P2), C and P1p2 coprime (C<P1P2), then C and the number pair (A, b) is one by one correspondence. Since the value of a is φ (p1) possible, the value of B has φ (P2) possible, then the number of pairs (A, B) has φ (p1) φ (p2) is possible, and the value of C has φ (p1p2) species possible, so φ (p1p2) is equal to φ (p1) φ (p2).

Fifth case

Because any positive integer greater than 1 can be written as a series of primes.

According to the conclusion of article 4th, we get

In accordance with the conclusions of article 3rd, we can obtain

It is equal to

This is the general formula for the Euler function. For example, the Euler function of 1323, the calculation process is as follows:

Four, Euler theorem

The use of Euler's function lies in Euler's theorem. "Euler's theorem" refers to:

If two positive integers a and n coprime, then the Euler function φ (n) of n allows the following equation to be established:

In other words, A's φ (n) is the remainder of n except for 1. Alternatively, the φ (n) of a has minus 1, which can be divisible by N. For example, 3 and 7 coprime, and 7 Euler's function φ (7) equals 6, so 3 6 (729) minus 1, which can be divisible by 7 (728/7=104).

The proof of Euler's theorem is more complex, and is omitted here. We just have to remember its conclusion.

Euler's theorem can greatly simplify some operations. For example, 7 and 10 coprime, according to Euler's theorem,

It is known that φ (10) is equal to 4, so it is definitely 1 to get 7 4 times times the number of bits at once.

Therefore, 7 of the arbitrary number of single-digit (for example, 7 of the 222-square), mental arithmetic can be calculated.

There is a special case for Euler's theorem.

Suppose that a positive integer A and a prime number p coprime, because the φ (p) of prime number P equals p-1, then Euler's theorem can be written

This is the famous Fermat theorem. It is a special case of Euler's theorem.

Euler's theorem is the core of RSA algorithm. By understanding this theorem, RSA can be understood.

Five, modulo inverse elements

There is one last concept left:

If two positive integers a and n coprime, then the integer b must be found, so that ab-1 is divisible by n, or the remainder of AB is divided by n is 1.

At this point, B is called a "modulo inverse element".

For example, 3 and 11 coprime, then 3 of the modulo inverse element is 4, because (3x4) 1 can be divisible by 11. Obviously, there is more than one modulo inverse element, and the integer multiples of 4 plus minus 11 are 3 modulo inverse element {..., -18,-7,4,15,26,...}, that is, if B is a modulo inverse element, then b+kn is a modulo inverse element.

Euler's theorem can be used to prove that the modulo inverse element must exist.

As you can see, A's φ (n)-1 Times Square, is a modulo inverse element.

==========================================

Principles of RSA Algorithm (II.)

Nanyi

Date: July 4, 2013

Last time, I introduced some knowledge of number theory.

With this knowledge, we can read the RSA algorithm. This is currently the most important encryption algorithm on the Earth.

Vi. Steps for key generation

We use an example to understand the RSA algorithm. Suppose Alice wants to encrypt her communication with Bob, how should she generate the public and private keys?

The first step is to randomly select two unequal prime numbers p and Q.

Alice chose 61 and 53. (In practice, the larger the two prime numbers, the harder it is to crack.) ）

The second step is to calculate the product N of P and Q.

Alice multiplied the 61 and the 53.

n = 61x53 = 3233

The length of n is the key length. 3233 is written in binary is 110010100001, a total of 12 bits, so this key is 12 bits. In practice, RSA keys are generally 1024-bit and 2048-bit for important occasions.

The third step is to calculate the Euler function φ (n) of N.

According to the formula:

φ (n) = (p-1) (q-1)

Alice calculates that φ (3233) equals 60x52, or 3120.

The fourth step, randomly selects an integer e, the condition is 1< e <φ (n), and E and φ (n) coprime.

Alice was between 1 and 3120, randomly choosing 17. (In practical applications, 65537 is often selected.) ）

The fifth step is to calculate e for the modulo inverse element d of φ (n).

The so-called "modulo inverse element" means that there is an integer d, which allows Ed to divide the remainder of φ (n) by 1.

Ed≡1 (modφ (n))

This equation is equivalent to

Ed-1 = kφ (n)

So, to find the modulo inverse element D, is essentially the following two-dollar equation solution.

Ex +φ (n) y = 1

Known e=17,φ (n) = 3120,

17x + 3120y = 1

This equation can be solved with the "extended Euclidean algorithm", where the specific process is omitted. In short, Alice calculates a set of integer solutions (x, y) = (2753,-15), or d=2753.

All calculations are complete at this point.

The sixth step is to encapsulate N and e as public keys, and N and D as private keys.

In Alice's case, n=3233,e=17,d=2753, so the public key is (3233,17), the private key is (3233, 2753).

In practice, the public and private key data are expressed in ASN.1 format (instance).

Vii. Reliability of RSA algorithm

Review the key generation steps above, with a total of six numbers:

P
Q
N
φ (n)
E
D

Of these six numbers, the public key is used for two (n and e) and the remaining four are not public. The most critical of these is D, because N and D make up the private key, and once d leaks, it is equal to the private key leak.

So, is it possible to derive a d in the case of known N and e?

(1) ed≡1 (modφ (n)). D can only be calculated if E and φ (n) are known.

(2) φ (n) = (p-1) (q-1). Only the P and Q are known to calculate φ (n).

(3) N=pq. P and Q can be calculated only if the n factor is decomposed.

Conclusion: If n can be decomposed by factoring, D can be calculated, which means that the private key is cracked.

However, the factorization of large integers is a very difficult thing to do. At present, there are no other effective ways to find other than brute force. Wikipedia writes:

"The difficulty of factoring the maximal integers determines the reliability of the RSA algorithm." In other words, the more difficult the factorization of a large integer, the more reliable the RSA algorithm.

If someone finds a fast factorization algorithm, then RSA's reliability will be extremely degraded. But the likelihood of finding such an algorithm is very small. Only a short RSA key can be cracked today. Until 2008, there was no reliable way to attack the RSA algorithm in the world.

As long as the key length is long enough, the information encrypted with RSA is not actually broken. "

For example, you can factor in the decomposition of 3233 (61x53), but you cannot decompose the integer below.

12301866845301177551304949
58384962720772853569595334
79219732245215172640050726
36575187452021997864693899
56474942774063845925192557
32630345373154826850791702
61221429134616704292143116
02221240479274737794080665
351419597459856902143413

It equals such a product of two prime numbers:

33478071698956898786044169
84821269081770479498371376
85689124313889828837938780
02287614711652531743087737
814467999489
X
36746043666799590428244633
79962795263227915816434308
76426760322838157396665112
79233373417143396810270092
798736308917

In fact, this is probably the largest integer that humans have decomposed (232 decimal digits, 768 bits). The larger factor decomposition than it has not been reported, so the longest RSA key currently cracked is 768 bits.

Viii. Encryption and decryption

With the public key and the key, it can be encrypted and decrypted.

(1) Encrypt to use public key (N,e)

Suppose Bob is going to send Alice an encrypted message m, he will encrypt m with Alice's public key (N,e). It is important to note that M must be an integer (the string can take an ASCII or Unicode value) and M must be less than N.

The so-called "encryption" is to calculate the following formula C:

Me≡c (mod n)

Alice's public Key is (3233, 17), Bob's M hypothesis is 65, then the following equation can be calculated:

6517≡2790 (mod 3233)

So, C equals 2790, Bob sends 2790 to Alice.

(2) Decryption to use the private key (N,d)

After Alice gets 2790 of Bob's hair, she decrypts it with her private key (3233, 2753). It can be proved that the following equation must be true:

Cd≡m (mod n)

In other words, the remainder of the d of C divided by N is M. Now, C equals 2790, the private key is (3233, 2753), so Alice calculates

27902753≡65 (mod 3233)

So Alice knew that Bob's original text before the encryption was 65.

At this point, the entire process of "encryption-decryption" is complete.

We can see that if D is not known, there is no way to find m from c. As already said, to know that D must decompose N, which is extremely difficult to do, so the RSA algorithm to ensure the security of communications.

You might ask, if the public key (N,e) can only encrypt an integer m less than n, what if you want to encrypt an integer greater than n? There are two solutions: one is to divide the long information into several short messages, each of which is encrypted, and the other is to select a "symmetric encryption algorithm" (such as DES), encrypt the information with the key of the algorithm, and then encrypt the DES Key with the RSA public key.

Nine, the proof of private key decryption

Finally, let us prove that why the private key decryption, must be able to correctly get m. This is the proof of the following equation:

Cd≡m (mod n)

Because, according to the encryption rules

Me≡c (mod n)

Thus, C can be written in the following form:

c = me-kn

Put C into the decryption rule that we want to prove:

(me-kn) d≡m (mod n)

It's equivalent to proving

Med≡m (mod n)

Because

Ed≡1 (modφ (n))

So

ed = hφ (n) +1

Put Ed into:

Mhφ (n) +1≡m (mod n)

Next, there are two cases to prove the above equation.

(1) m and N coprime.

According to Euler's theorem, at this point

Mφ (n) ≡1 (mod n)

Get

(Mφ (n)) hxm≡m (mod n)

The original has been proved.

(2) m and n are not coprime relations.

At this point, because n equals the product of the prime number p and Q, m must be equal to KP or KQ.

Take m = KP as an example, considering that at this point K and Q are bound to coprime, then according to Euler theorem, the following formula is established:

(KP) q-1≡1 (mod q)

Further to get

[(KP) q-1]h (p-1) XKP≡KP (mod q)

That

(KP) ED≡KP (mod q)

Change it to the equation below.

(KP) ed = tq + KP

T must be divisible by P, i.e. t=t ' p

(KP) ed = T ' PQ + KP

Because M=KP,N=PQ, so

Med≡m (mod n)

The original has been proved.

RSA algorithm record----excerpt