Security technology-rsa Public Key cryptosystem Security Analysis _ Vulnerability Research

Source: Internet
Author: User
Tags decrypt modulus
Introduction
rsa cryptosystem is a public key cryptosystem which is proposed earlier. In 1978, Rivest,shamir and Adleman of the Massachusetts Institute of MIT (MIT) presented an asymmetric (public key) cryptosystem based on number theory, called the RSA Cryptosystem, in a paper entitled "Methods for obtaining digital signatures and public key cryptography". RSA is a kind of block cipher system, which is based on the "large integer element factorization is a difficult problem".

Introducing Public Key Cryptography (background)

1, symmetric cipher system

 Symmetric cipher system is a traditional cryptosystem, also known as private key cryptosystem. In a symmetric encryption system, encryption and decryption use the same key. Because the encryption key is the same, both parties that need to communicate must choose and save their common key, and each party must trust the other party not to divulge the key, so that the confidentiality and integrity of the data can be achieved. For networks with n users, N (n-1)/2 keys are required, and symmetric encryption systems are effective when the user population is not very large. But for large networks, when the user group is very large and distributed widely, the key allocation and preservation becomes a problem. Encrypt and verify confidential information to be sent together with the message digest to (or hash value) to achieve. The most typical algorithms are DES (data Encryption Standard encryption Standard) algorithm and its Triple DES (Triple DES), gdes (Generalized des), idea in Europe, Feal N, RC5, etc. in Japan. Des standards are proposed by the United States National Standards Agency, which is mainly used in the field of electronic funds Transfer (EFT) in banking. Des has a key length of 56bit. Triple des uses two separate 56bit keys to encrypt the exchanged information 3 times, so that its effective length reaches 112bit. The RC2 and RC4 methods are symmetric cryptographic patent algorithms for RSA data security companies using variable key length algorithms. By stipulating different key lengths, C2 and RC4 can increase or decrease the level of security. The advantage of symmetric cipher algorithm is that the computation cost is small, the encryption speed is fast, and it is the main algorithm for information encryption at present. Its limitation lies in its existence of the communication between the two sides of the trade to ensure key security exchange problems. In addition, a trading party has several trade relations, he will maintain several private keys. Nor does it identify the originator of trade or the end of trade, because the two sides of the trade have the same key. In addition, because the symmetric encryption system can only be used to encrypt and decrypt the data, it can not be used for digital signature because it provides the confidentiality of data. Therefore, it is urgent to find a new cipher system.

2, Asymmetric cipher system

 Asymmetric cryptography is also called Public key cryptography, which is proposed for the defect of private key cryptosystem. In a public-key cryptography system, encryption and decryption are relatively independent, encryption and decryption use two different keys, encryption key (public key) to the public, who can use, decryption key (secret key) only the decryption person knows, illegal users based on the public encryption key can not calculate the decryption key, Gu it can be called public key cryptography system. If a person chooses and publishes his public key, anyone else can use the public key to encrypt the message sent to that person. The private key is kept secret and only the owner of the private key can decrypt the ciphertext with the private key. The most famous representative of public-key cryptosystem is RSA system, in addition: Knapsack cipher, mceliece cipher, Diffe_hellman, Rabin, 0 knowledge proof, elliptic curve, eigamal algorithm, etc. The key management of public key key is simple, and it can realize digital signature and verification conveniently. But the algorithm is complex and the rate of encrypted data is low. Public-Key cryptosystem does not have the problem of allocating and saving key in symmetric encryption system, only 2n key is required for networks with N users. In addition to data encryption, public key cryptography can also be used for digital signatures. Public key cryptography can provide the following functions: A, confidentiality (confidentiality): To ensure that the unauthorized access to information, through data encryption to achieve; B, confirm (authentication): To ensure that the other party belongs to the alleged entity, by digital signature to achieve; Data integrity (Integrity): To ensure that information content is not tampered with, the intruder can not use false messages instead of legitimate messages, through digital signatures to achieve; D, Non-repudiation (nonrepudiation): The sender could not later deny that he sent the message, The recipient of the message can prove to a neutral third party that the sender of the reference does send a message and is implemented by digital signature. Visible public Key cryptography system meets all the main objectives of information security.

Advantages of RSA Public key cryptosystem (meaning)

1 solves the problem of key distribution and management in large scale network applications

 The use of block cipher, sequence cipher and other symmetric cryptography, encryption and decryption of both sides of the key is secret, and need to be replaced regularly, the new key is always to be distributed through a secret channel to the user, in the process of transmission, a little careless, it is easy to leak.

 Public Key cryptography encryption key is usually public, and the decryption key is secret, by the user save themselves, do not need to round-trip exchange and transfer, greatly reducing the risk of key leakage. At the same time, when using symmetric cryptosystem in network communication, any two users in the network need to use different keys, only in this way can guarantee not to be tapped by the third party, so n users will use N (n–1)/2 keys. In a large network, if there are 1 million users, the use of 49.5 million keys, the key is too large, difficult to manage, and very cumbersome to use. Using public key cryptosystem, n users only need to produce n pair of keys. Still take 1 million users for example, only 1 million pairs of keys, the need to secretly save only 1 million private keys, the difference is nearly 50 times times, the number is greatly reduced, and the distribution is simple, security is good. This shows that only public key cryptography can easily and reliably solve the problem of distribution and management of key in large-scale network applications.

2 realization of digital signature mechanism in network

Due to its limitations, symmetric key technology cannot provide digital signatures in the network. This is because digital signatures are an important means of representing the authenticity of people or organizations in the network, digitally signed data needs to be unique, private, and the key in the symmetric key technology needs to be shared between the two parties, so it is not satisfying uniqueness, privacy, and can not be used as a digital signature in the network. In contrast, public key cryptography because of the existence of a pair of public and private keys, the private key can represent uniqueness and privacy, and the data encrypted by the private key can only be verified with the corresponding public key, other people can not counterfeit, so that the digital signature service in the network.

Specifically, a message is encrypted with the sender's private key, and any person with the public key corresponding to the private key can decrypt it. Since the private key is owned only by the sender, and the private key is secret, the information encrypted with the private key can be regarded as the sender's signature on the information, and its effect is as valid and non-repudiation as the manual signature in reality.

 A specific approach is: Authentication servers and users each hold their own certificates, the client will be a random number with their own private key signed with the server's public key encryption after the transfer to the server; Use the server's public key encryption to ensure that only the authentication server can decrypt, Using the user's key signature to ensure that the data is issued by the user, the server receives the user data, first with its own private key to decrypt, take out the user's certificate, using the user's public key to decrypt, if successful, to the user database to retrieve the user and their rights information, The authenticated information and the random number from the client are signed by the server's private key, then the user's public keys are used to encrypt it, then the client is returned to the client, and then the information of the authenticated success can be obtained.

Introduction to RSA public-key cryptosystem

rsa is a Rivest,shamir,adleman asymmetric key system based on number theory. RSA is based on the difficulty of large integer decomposition, which is a block cipher system. It is based on the extended Euler theorem (see below):

 Theorem 1 if (a,n) = 1, then = (mod n), where φ (n) represents no more than the positive integer number of n and N.
 Theorem 2 if (m1,m2) = 1, then φ (M1 m2) =φ (M1) φ (m2).
 the theorem 3 if P is prime, φ (p) =p-1.
The RSA is established by the following methods:
 First randomly selected two large prime primes p,q to compute n=p q;
 computes the Euler function φ (n) = (p-1) (q-1);
 Optionally an integer e is a public encryption key, the secret decryption key is derived from E d:d e= 1 modφ (n) = k
 ' φ (n) +1
 Encryption/decryption:
To divide the plaintext into a plain block m of less than bit length,
 Encryption process is: c = E (m,e) = mod n
 decryption process is: M = D (c,d) = mod n
 under the RSA system: D (D, E (m,e)) o = o m mod n
e (E, D (d,m)) o = o m mod n

e,d can be exchanged. When used for digital signatures, the sender only uses its own decryption key D to "encrypt" it, because only the sender knows its own d, deceptions only with the corresponding E "decryption"
To know the clear text, but also to verify the identity of the issuing party.

Security analysis of RSA public key cryptosystem

The security of rsa depends on the factorization problem of large integers. In fact, it is speculated that the security of RSA relies on the factorization of large integers, but no one has mathematically proved that m needs to be factored into N in terms of C and E. It can be imagined that there might be a completely different way to analyze RSA. However, if this method allows the cipher parser to derive D, it can also be used as a new method of factoring large integers. Most unbelievable, some RSA variants have proved to be as difficult as factoring. Even recovering certain bits from the cryptographic ciphertext of RSA is as difficult as decrypting the entire message. In addition, there are some attack methods for the implementation of RSA, not for the basic algorithm.

The target of an attacker's attack on an RSA system can be grouped into three categories:

Considerations for designing RSA Systems

1 through the analysis of RSA security, you can come to the use of RSA should be aware of matters:
The  randomly selects large enough primes (at present it should be above 512 digits);
 in the Communication network protocol using RSA, public mode should not be used (the user knows F (n));
 do not allow attackers to get the original decryption result;
 decryption key D relative modulus n should not be too small;
The  should be either a large encryption key, or the encrypted information m is always large and m cannot be the product of some known values, and the latter can be filled with a random value for m before being encrypted.
 related messages can not be encrypted with the same key, the information is filled with random value before the error of the information and the relationship between the algebra, but pay attention to the choice of filling algorithm;
 should make it impossible to obtain the original signature on any value.
 signed messages should be about the same size as modulus, and not the product of some known values;
 uses mean decryption time and chaos (blinding) to invalidate the statistical means used in time attacks;
 If there are conditions, we can improve the security of the system by using the qualitative factor p,q with large scale difference;

Parameter selection of 2 RSA system

The RSA system is the first system to plant security on a factorization basis. It is obvious that in the public key (E,n), if n can be decomposed by factorization, then the LCM of all element valence in modulo n (that is, the so-called Trap Gate) t=φ (N) = (p-1) (q-1) is not hidden. This makes decryption key D no longer a secret, and thus the entire RSA system is unsafe. Although so far people have not been able to "prove", cracked RSA system equals factorization. But generally "believe" the security of RSA system, is equivalent to factorization. Namely: if can decompose factor N, namely break RSA system;

If the RSA system can be breached, that is, decomposition factor n (believe, but not proven)

Therefore, when using the RSA system, the choice of public key n is very important. Must be made public after n, no one can get t from N. In addition, there is a need to limit the public key E and decryption key D. Otherwise, it may cause the RSA system to be compromised, or it will not be safe to apply to the cryptographic protocol.
 After analysis, we know that RSA system security and system parameters have a great relationship, the x.931 standard on this proposed the following points:
 If public key E is odd, E should be coprime with p-1,q-1;
 If public key e is even, E must be with (p-1)/2, (q-1)/2 coprime, and POQ MoD 8 is not established;
The length of  modulus should be 1024+256x,x=0,1;
 Prime number p,q should be detected by prime number, so that the probability of error is less than;
 P-1,q-1,p+1,q+1 should have large prime number factors;
 gcd (p-1,q-1) should be small;
 p/q should not be close to two small integer ratios, and;
 |p-q| should have a large prime number factor.

Application of rsa public key cryptosystem

1 Digital Signature

For a long time in daily life, for important documents, in order to prevent the destruction of documents, forgery, tampering and so on, the traditional method is to write a handwritten signature on the file. However, it is not possible to use handwritten signatures in computer systems, and the corresponding digital signature mechanism. Digital signature should be able to achieve the function of handwritten signature, its essential characteristic is that only can use the signer's private information to generate the signature. Therefore, when it is validated, it can also be trusted by a third party (such as a judge) to prove at any time that only private information is available to the master to produce this signature.
 Digital signature has the following characteristics:
The  signature is credible;
 signatures cannot be forged;
 Signature is not reusable;
 signed documents can not be changed;
 signatures cannot be denied.
Due to the characteristics of asymmetric cryptography, the realization of digital signature is more effective and simpler than the symmetric cipher system.

2 RSA Public Key Signature technology

 Digital signature can be used secret key benefit, also may use public key. But the secret key is built on the basis of a trusted intermediary, and the use of public key cryptography for digital signature is not subject to this limitation, sending and receiving between the two parties do not need any reliable institutions. It is assumed that the public key encryption and decryption algorithm satisfies the E (d (P)) =p (RSA satisfies these two conditions, in addition to satisfying the D (E (P)) =p, so this assumption is not unrealistic. Then the sender a can pass the EB (DA (P)) conversion, a signed clear text message P to deceptions B. Note that a knows its own private decryption key DA, and also knows B's public key EB, so the work of creating this information should be done by a.

When B receives this message, he decrypts it with his own private key as usual, getting the DA (P), as shown in the figure. He put the message in a safe place and then decrypted it with EA to get the initial plaintext.

To understand how this signature works, now assume that a later denies sending a message p to B. When the case is in court, B can produce p and DA (p). A judge can easily prove that B has a valid message with DA encryption just by using EA. Because B does not know a private key, B can get the only way to encrypt with it is sent by a.

It is important to note that while it is a good way to digitally sign with public key cryptography, there are still problems with the environment they apply rather than the algorithms. Only when
When DA is confidential, B can prove that a message is sent by a. If a exposes its private key, the evidence will not be established because anyone including B can send this message.

With the development of   network technology, e-commerce is being widely used, and the digital signature technology is becoming more and more important. Although RSA has the shortcoming of complicated algorithm and slow speed, it is still widely used in digital signature. With the development of computer technology and the further research on RSA, RSA is moving towards practicality and commercialization, and it can be foreseen that the design of network security system based on RSA will be widely used in network security.  

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.