Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Asymmetric Cryptography

Probably most significant advance in the 3000 year history of cryptography.

Also known as public-key cryptography
Complements rather than replaces private key crypto.
To solve the problem of key distribution for symmetric key
o How to have secure communications in general without having to trust a Key
Distribution Center (KDC) with your key?
Computationally infeasible to determine the decryption key even though the algorithm and
key used for encryption are known.
Uses two keys a public & a private key.

2 main characteristics:
o One key is used for encryption and a different key but related key is used for
decryption.
o Public key, KPu, a key that is known to everybody
o Private key, KPr, a key that is only known by the owner.
Example

Page 1 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

General Idea of Asymmetric-Key Cryptosystem

Unlike in symmetric-key cryptography, plaintext and ciphertext are treated as integers in

asymmetric-key cryptography.
C = f (Kpublic , P)
P = g(Kprivate , C)
There is a very important fact that is sometimes misunderstood: The advent of asymmetrickey cryptography does not eliminate the need for symmetric-key cryptography.
How can there be two different keys?
Say key1 = 3, key2 = 1/3, message M = 4
Encryption: Ciphertext C = M * key1 = 4 * 3 = 12
Decryption: Plaintext M = C * key2 = 12 * 1/3 = 4
Multiplicative inverse

Basis of Public-Key Cryptography

Public key cryptography is based on the idea of a trapdoor function f: X Y, that is
f is one-to-one
f is public
One-Way Function (OWF)

f is easy to compute
f -1 is difficult to compute
f -1 becomes easy to compute if a trap door is known

Page 2 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Example
If n is large, n = p q is a one-way function.
Given p and q , it is always easy to calculate n; given n, it is very difficult to compute p and
q. This is the factorization problem.
If n is large, the function y = xk mod n is a trapdoor one-way function.
Given x, k, and n, it is easy to calculate y. Given y, k, and n, it is very difficult to calculate x.
This is the discrete logarithm problem. However, if we know the trapdoor, k such that k
k = 1 mod f(n), we can use x = yk mod n to find x.
Example of One Way Function
Factoring
Given x and y, computing n = x y is EASY.
However, given n, computing the factors x and y is HARD.
Discrete Logarithm
Given x, a, and p, computing y x a mod p is EASY.
However, given y, x, and p, computing a is HARD.
Discrete Square-root
Given x and n, computing a x2 mod n is EASY
However, given a and n, computing x is HARD
Example
For x = 6, a = 9, p = 11, we compute
y xa x((x 2 ) 2 ) 2 mod p
with 4 multiplications:
y = 6((62 )2 )2 = 6((36)2)2
= 6((3)2 )2 = 6(9)2
= 6(81) = 6(4)
= 24 = 2
However, finding an a such that
6a 2 mod 11 is hard
We need to try all possibilities (from 1 to p-1) to obtain such a.
Security of Public-Key Cryptography
Similar to symmetric key schemes brute force exhaustive search attack is always theoretically
possible but keys used are too large ( > 512 bits)
Keys used must be large enough to make brute force attack impractical, but small enough for
practical encryption/decryption.
o requires the use of very large numbers
But encryption process is slow compared to symmetric key schemes.

Page 3 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Requirements of Public-Key Cryptography

Computationally easy to generate the key pairs.

Computationally easy for the sender to encrypt.
Computationally easy for the receiver to decrypt.
Computationally infeasible for an opponent, knowing the public key to determine the private
key.
Computationally infeasible for an opponent, knowing the public key and a cipher text, to
recover the original message.(Note: infeasible means if the effort to solve it grows faster than
polynomial time as a function of input size)
Services Provided by Public Key Cryptography Algorithm
Privacy/Confidentiality
o Sender encrypts message with receivers public key.
o Encrypt with KPu (E (KPu, m)) and decrypt with KPr (D(KPr, c))
Authentication (Digital signature)
o Sender creates signature by encrypting the message with his/her private key.
o Encrypt with KPr (EPr(KPr, m)) and decrypt with KPu (D(KPu, c))
o How to verify a message comes intact from the claimed sender.
Integrity
Key Exchange
o To exchange a session key between two entities.

Public-Key Cryptosystem: Privacy/Confidentiality

Page 4 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Public-Key Cryptosystem: Authentication

Authentication
Alice: chooses a random number, r
Alice B: E(KPuB, r) Bobs public key
Bob: r = D(KPrB, E(KPuB, r)) , his private key
Bob Alice: r
o Thus identify that the receiver is Bob.
Digital signature
How do Alice & Bob communicate in such a way that Alice can verify that Bob sent the
message Bob cannot deny that he sent the message?
Alice and Bob pick KPuA, KPrA, KPuB and KPrB
Publicize KPuA and KPuB
Bob Alice: E(KPuA, E(KPrB, P))
Alice: D(KPRA, E(KPuA, E(KPrB, P)) = E(KPrB, P)
Alice: D(KPuB, E(KPrB, P)) = P
Public-Key Cryptosystem: Secrecy and Authentication

Concerns about Asymmetric Algorithms

Page 5 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Concerns are in 3 categories

o fortitude in providing unbreakable security
o practicality
o applicability
Many algorithms are insecure
Among secure algorithms, many are impractical
o key size too large
o ciphertext is much larger than plaintext
Only a few algorithms are both secure and practical
some are only suitable for key distribution
some are only suitable for encryption
some are only useful for digital signatures
Example of Public Key Cryptography Algorithm

Algorithm
RSA
Elliptic
Curve
DiffieHellman
DSS

Encryption/Decryption

Digital Signature

Key Exchange

RSA Public Key Cryptosystem

Ron Rivest, Adi Shamir, and Leonard Adleman developed RSA in 1977; RSA stands for the first
letter in each of its inventors' last names. (RSA - acronym for Rivest-Shamir-Adleman)
Based on number theory operations and the difficulty to find prime factors for a large number
(n = pq, where p and q are primes).
Based on exponentiation in a finite (Galois) field over integers modulo a prime.
Security is due to cost of factoring large numbers, uses large integers (eg. 1024 bits).
However, the key length is flexible but usually used 512 bits.
Block cipher with block size <= log2n.
Generally the block size is k bits where 2k bit where 2k < n <= 2k+1.
Each plaintext block has a value from 0 (n-1).
Block size for encryption is also variable but must be smaller than the key length.
2 numbers that is e (chosen) and d (compute) operate as follows:
c = pe mod n encryption/public key
p = cd mod n decryption/private key
RSA encryption
Suppose Alice wants to send a message m to Bob.
Alice creates the ciphertext c by exponentiate: c = me mod n, where e and n is Bob's public
key.
Page 6 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Alice sends c to Bob.

To decrypt, Bob also exponentiates: m = cd mod n;
o The relationship between e and d ensures that Bob correctly recovers m.
o Since only Bob knows d, only Bob can decrypt this message.

Working of RSA
One Way Function (OWF): multiplying two primes
If they are fairly small we can do this in our heads, on a piece of paper, or on a calculator.
As they get bigger and bigger it is fairly easy to write a computer program to compute the
product.
Multiplication runs in polynomial time.
Multiplication of two primes is easy.
However it is difficult to determine the prime factors of n if the n is large.
Example

To factor: Com
To factor

What are the prime numbers?

15
143
6887
31897
600 digit number
600 digit even number
Take two large primes, p and q (about 100 digits), and compute their product n = p q; n is
called the modulus.
note (n)=(p-1)(q-1) totient Euler function
Choose a number, e, less than n and relatively prime to (p-1) (q-1). (e, n) is the
encryption/public key
where 1 < e < (n), gcd (e, (n)) = 1
Find d, the multiplicative inverse of e such that d = e-1 mod [(p-1)(q-1)]. So (d, n) is the
decryption/private key
e. d 1 mod (n) and 0 d n
d e-1 mod (n)
Publish their public encryption key: KPU={e, n}
Keep private decryption key: KPR {d, n}
The factors p and q may be kept with the private key, or destroyed.
Page 7 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

However if one could factor n into p and q, then one could obtain the private key d. Thus the
security of RSA is based on the assumption that factoring is difficult.
The discovery of an easy method of factoring would "break" RSA

Mathematic Functions for RSA

Primes
A prime is divisible only by itself and 1.
Example:
o List the primes smaller than 10.
There are four primes less than 10: 2, 3, 5, and 7. It is interesting to note that the
percentage of primes in the range 1 to 10 is 40%. The percentage decreases as the
range increases.
Checking for Primeness
o Given a number n, how can we determine if n is a prime?
o The answer is that we need to see if the number is divisible by all primes less than

o This method is inefficient, but it is a good start.

Example
o Is 97 a prime?
The floor of
= 9. The primes less than 9 are 2, 3, 5, and 7.
Check if 97 is divisible by any of these numbers.
It is not, so 97 is a prime.
Is 301 a prime?
o

The floor of
= 17.
Check 2, 3, 5, 7, 11, 13, and 17.
The numbers 2, 3, and 5 do not divide 301, but 7 does.
Therefore 301 is not a prime.

Page 8 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Eulers Phi-Function
Eulers phi-function, (n), sometimes referred as Eulers totient function, plays a very
important role in cryptography.

We can combine the above four rules to find the value of f(n).
For example, if n can be factored as n = p1e1 p2e2 pkek
then we combine the third and the fourth rule to find

Example
o What is the value of (13)?
Because 13 is a prime, (13) = (13 1) = 12.
o

What is the value of (10)?

Use the third rule: (10) = (2) (5) = 1 4 = 4, because 2 and 5 are primes.

What is the value of (240)?

Write 240 = 24 31 51.
Then (240) = (24 23) (31 30) (51 50) = 64

Can we say that v(49) = (7) (7) = 6 6 = 36?

No. The third rule applies when m and n are relatively prime. Here 49 = 72. We need
to use the fourth rule: (49) = 72 71 = 42.

What is the number of elements in Z14*?

The answer is (14) = (7) (2) = 6 1 = 6. The members are 1, 3, 5, 9, 11, and 13.

Fermats Little Theorem

First Version:
ap 1 1 mod p
Second Version:
ap a mod p
Example:
o Find the result of 610 mod 11.
We have 610 mod 11 = 1.
This is the first version of Fermats little theorem where p = 11.

Page 9 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Find the result of 312 mod 11.

Here the exponent (12) and the modulus (11) are not the same.
With substitution this can be solved using Fermats little theorem.

Eulers Theorem
First Version:
af(n) 1 (mod n)
Second Version: a k f(n) + 1 a (mod n)
Example
o Find the result of 624 mod 35
We have 624 mod 35 = 6(35) mod 35 = 1.
Find the result of 2062 mod 77.
If we let k = 1 on the second version, we have
2062 mod 77 = (20 mod 77) (2077) + 1 mod 77) mod 77
= (20)(20) mod 77 = 15.
Multiplicative Inverses
o

a1 mod p = a p 2 mod p
Example:
The answers to multiplicative inverses modulo a prime can be found without using the
extended Euclidean algorithm:

Eulers theorem can be used to find multiplicative inverses modulo a composite.

a1 mod n = a(n)1 mod n
Example:
The answers to multiplicative inverses modulo a composite can be found without using
the extended Euclidean algorithm if we know the factorization of the composite:

Examples of RSA Key Generation

Page 10 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Example 1
Key generation:
Given p = 5 and q = 3
Find n

n = p q = 5 3 = 15

Find (n)

(n) = (p-1)(q-1) = 4 2 = 8

Choose integer e,

gcd ((n), e) = 1 and 1 < e < (n)

Say e = 5
Find d

d = e-1 mod (n) = 5-1 mod 8

Use Eulers theorem to find the inverse: a -1 = a (n) -1 mod n

(8) = (23) = (2 1) 23-1 = 4
53 mod 8 = 5, d = 5 {52 mod 8 = 1, 53 mod 8 = (52 5) mod 8}
Public Key - KPU = {e, n} = {5, 15}
Private Key - KPR = {d, n } = {5, 15}
Message encryption / decryption:
Given message M = 4
To encrypt:
C = 45 mod 15
42 = 16 mod 15 = 1, 45 mod 15 = 4
To decrypt:
M = 45 mod 15 = 4

Example 2
Let p = 11, q = 13, so n = p * q = 143
(n) = (p-1)(q-1) = 10 * 12 = 120
Choose e relatively prime to (n), say e = 11
Now d = 11-1 mod 120 = 11

Page 11 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

If plaintext m = 7,
c = me mod n = 711 mod 143 = 106
To decrypt, since c = 106
m = cd mod n = 10611 mod 143 = 7
What is kept secret: p, q and d
What are revealed: e, and n

Example 3
Encrypt RENAISSANCE using p = 53 and q = 61.
n = p * q = 3233
Say e = 71, then d = 791
(check the validity of e and d)
Break the message into blocks of 4 digits where A = 00, B = 01, , Z = 25 (in practice,
characters would be represented by their 8 bit ASCII codes)
Thus RE NA IS SA NC E = 1704 1300 0818 1800 1302 0426
The 1st block is encrypted as 170471 mod 3233 = 3106

c = 3106 0100 0931 2691 1984 2927

Example 4
p = 61, q = 53, pq = 3233,
e = 17 (public exponent),

d = 2753 (private exponent)

Public key is (pq, e).

Private key is d.
C = encrypt (T) = (T17) mod 3233
T = decrypt(C) = (C2753) mod 3233
Encrypt (123) = (12317) mod 3233 = 337587917446653715596592958817679803 mod 3233 =
855

Page 12 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Decrypt (855) = (855^2753) mod 3233 =

5043288895841606873442289912739446663145387836003550931555496756450105562861208255997874424542811005438349865428933638493024645144150785172
0917966547826353070996380353873265008966860747718297458229503429504079035818459409563779385865989368838083602840132509768620766977396675332
5054282609347573513798806325648263933445309259438556242923301751977190016924916912809150596019178760171349725439279215696701789902134307146
4689712796102771813783945869677289869342365240311693217089269617643726521315665833158712459759803042503144006837883246101784830717585474547
2520696889259958925443667014322054695431740022855009238636942444855973333063051607385302863219302913503745471946757776713579549652029197905
0578153287155839207030315958593749366328354860209083063550704455658896319318011934122017826923344101330116480696334024075046952588669876586
6900622402410208846650753026395387052663193358473481094876156227126037327597360375237388364148088948438096157757045380081079469800667348777
9588375828998513279307035335512750904399481789790548993381217329458535447413268056981087263348285463816885048824346588978393334662544540066
1964521876669479552802308841246594823927510577049113329025684306505229256142730389832089007051511055250618994171231777951579794297117954752
9630183784386291397787766129820738907279676720235011399271581964273076407418989190486860748124549315795374377124416014387650691458681964022
7602776686953090395131496831909732450545234594477256587887692693353918692354818518542420923064996406822184490119135710885424428521120773712
2383110545543126530739407592789082260604317113339575226603445164525976316184277459043201913452893299321613074405322274705728948121435868319
7841559727649635709090121513130415756920979851832104115596935784883366531595132734467524394087576977789084901269153228420809496307929724713
0442219424390659030814289393029158483087368745078977086921845296741146321155667865528338164806795455941891006950919658990854567980723923708
4630255354568691923554629957157358790622745861957217211107882865756385970941907763205097832395713464119025004702084856040821750949107716553
1176529747380317676582058767314028891032883431850884472116442719390374041315564986995913736516210845113740224335185995766577539693628125425
3900685526245456141925880943740212888666974410972184534221817198089911953707545542033911964539366461792968165342652234639936742330970183533
9046236776936703805342644821735823842192515904381485247388968642443703186654199615377913969649003039587606549152449450436001359392771339521
0125192857209259788751160195962961569027116431894637342650023631004555718003693586055264910000907245183786689564417164907278356281009708545
2413546966084481161338780654854515176167308605108065782936524108723263667228054003879410864348226750090778265121013728195831653139698309088
7317417474535988684298559807185192215970046508106068445595364808922494405427663296745923088984848684358654798505115428440164623526969317993
7784430217857019197098751629654665130278009966580052178208139317232379013232494682609200819981037684847167874989193694997914824716345060937
1256541225019537951668976018550875993133677977939527822273233375295802631226653589482055665152894663690320832876804323906115493509545909340
6676402258670848337605369986794102620470905715674470565311124286290735488849298998356099963609214112849774586146960402870296707014781794902
4828290748416008368045866685507604619225209434980471574526881813185085915019485276359650345815364165654931601306133040743445796510838030406
2240278898042825189094716292266898016684480963645198090510905796513075703792459580744797523712667610114738787421441491548135917439279949695
6415653866883891715446305611805369728343470219206348999531917640161103924904391798033989754917653959236085118076531847064733180157820741276
4787592739087492955716853665185912666373831235945891267870958380002245150942445756487448408687753084539552173063669389170239403718478036277
4643171470855830491959895146776294392143100245613061114299370005577513397172825491100560089408984196713197091181655429087610900832499783133
8240786961578492341986299168008677495934077593066022078149438078549967989453993640636857226974223618584114250483724512446558027085917979559
1086523099756519838277952945756996574245576162189014035954234930424786883835444236857223681399021261363744082131478483203563615611346287019
8514239018429097416386202320510397121849833552863086851842826346150274418735863950404228151239950599598365379222728584742207167783667945134
3638070865797742198535953931662799887897216959634553463364979492211301766131620747726611310701232140371388227022172323308547267953301507998
0622538354589480248200431447261915961905260340690619309392907241028494870016717296951770346790997944097506376492963567555800711621827727603
1829217903502904860909762662853966270243925368902563371014716832740450458306022867631421581599007916426277000546123229192192997169907690169
0259464681041412142044724026616582756805241668614733933226595912700645630447416085291672187007045144649793226668732146346749041185886760836
8403061906957869900965213906752050197440767765104388515194161931847991913492438815282203846472926944608491529995881859885519514906630731177
7238132267516945882593638786107243025659809149010327838482140113655678493410243151248286452917031410040012016364829985325166349056053794585
0894244038552524554777922401046148907527451634251399216373835681414904793203742633730198782540569961916352019389698254478631309773749154478
4276345325939987417001381631981166453772089440028548500026968598264456218379411670215184772190933923218508777579095933267631141312961939849
5926138987901669710881027663862316769405729593253807864344410051213802508179762272379721035219677326844194648616402961059899027710532570457
0163326134310764177000432371524746263939901189972784536294930363691490088106053123163000901015083933188011668215163893104666659513782749892
3745560511004016477716822716267270783701224246551264878454923504185216742638318973333243467444903978001784689726405462148024124125833843501
7048853206014756878623180940900126324196909225202267988011340807301221626440413388739260052309607238615855496515800103474611979213076722454
3803671883253708606713311325819922797552277184864847532612430280417794309093899237093805365204646255147267884961527773274119265709116613580
0841454214876873103944410547963930853089688036560850477214459217250012650071706896942815462756370458838904219177398190648731908014828739058
1594622278672774186101110276324797290412221199411738820452633570175909067862815928151998221457652796853892517218720090070389138562840007332
2585075904853480465645434983707328762593589142785431826658729460807238965229159902173888795773647738726574610400822551124182720096168188828
4938946788104688473126554172620978905678458109651797530087306154649030211213352818084761229904095764278573163641248809309497707395675884229
6317115846456984202455109029882398517953684125891446352791897307683834073696131409745229856386682726910433575176771288945278813686239650666
5408989439495161912002160777898876864736481837825324846699168307281220310791935646668401591485826999933744276772522754038533221968522985908
5154811040229657916338257385513148234595916332814458198436145963060249936175309792556123803901469066516367371885958277252568311998998464602
7216462797640770570748164064507697798699551061800464719378082232501489340785113783325107375382340346626955329260881384389578409980417041041
7776084630686261061405961520706669524301843857503176293954302631267377406936404705896083462601885911184367532529845888040849710922999195655
3970191119191918832730860376677533960772245563211350657219106758751186812786344197572392195263333856538388240057190102564949233944519659592
0399239221740024723414719097096456210829954774619322898118128605556588093851898811812905614274085809168765711911224763286587127553892843812
6611991937924624112632990739867854558756652453056197509891145781147357712836075540017742686609650933051721027230666357394623341363804591423
7759965220309418558880039496755829711258349053693992776114261796407100127632804287060835315945823059463268278612702033569803461432456970214
84375

mod 3233 = 123

Example 5
Select primes p=11, q=3.
n = p q = 11 3 = 33
= (p-1)(q-1) = 10 2 = 20
Choose e = 3
Check gcd (e, p-1) = gcd (3, 10) = 1

Page 13 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

and check gcd (e, q-1) = gcd (3, 2) = 1

therefore gcd (e, ) = gcd (e, (p-1)(q-1)) = gcd (3, 20) = 1
Compute d such that e d 1 (mod )
compute d = e-1 mod = 3-1 mod 20
find a value for d such that divides (e d -1)
Find d such that 20 divides 3d-1.
Simple testing (d = 1, 2, ...) gives d = 7
Check: e d -1 = 3 7 - 1 = 20, which is divisible by .
Public key = (n, e) = (33, 3)
Private key = (n, d) = (33, 7).
Now say we want to encrypt the message m = 7,
c = me mod n = 73 mod 33 = 343 mod 33 = 13.
Hence the ciphertext c = 13.
To check decryption we compute m' = cd mod n = 137 mod 33 = 7.
Note that we don't have to calculate the full value of 13 to the power 7 here. We can make
use of the fact that a = b c mod n = (b mod n) (c mod n) mod n
So we can break down a potentially large number into its components and combine the results
of easier, smaller calculations to calculate the final value.
One way of calculating m' is as follows:m' = 137 mod 33 = 13(3+3+1) mod 33 = 133 133 13 mod 33
= (133 mod 33) (133 mod 33) (13 mod 33) mod 33
= (2197 mod 33) (2197 mod 33) (13 mod 33) mod 33
= 19 19 13 mod 33 = 4693 mod 33 = 7.
Now if we calculate the ciphertext c for all the possible values of m (0 to 32), we get
m
c

0
0

1
1

2
8

3
27

4
31

5
26

6
18

7
13

8
17

9
3

10
10

11
11

12
12

13
19

14
5

15
9

16
4

m
c

17
29

18
24

19
28

20
14

21
21

22
22

23
23

24
30

25
16

26
20

27
15

28
7

29
2

30
6

31
25

32
32

Example 5
Suppose Ted wants to send the message NO to Jennifer.
Ted changes each character to a number (from 00 to 25), with each character coded as
two digits.
He then concatenates the two coded characters and gets a four-digit number. The
plaintext is 1314.

Page 14 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Real Use of RSA

In general RSA is not used to encrypt long messages. Instead it is used for:

transmitting short secret key/value eg. credit card, key for use in symmetric E/D system
digital signature
authentication i.e. identifying an entity
certificate

Practical Usage of RSA: Digital Envelope

Suppose Alice wishes to send an encrypted message to Bob.
Alice encrypts the message with DES, using a randomly chosen DES key.
Then she looks up Bob's public key and uses it to encrypt the DES key. The DES-encrypted
message and the RSA-encrypted DES key together form the RSA digital envelope and are
sent to Bob.
Upon receiving the digital envelope, Bob decrypts the DES key with his private key, then
uses the DES key to decrypt the message itself.
This combines the high speed of DES with the key-management convenience of RSA.

Page 15 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Breaking RSA

The obvious way to do this attack is to factor the public modulus, n, into its two prime factors,
p and q. From p, q, and e, the attacker can easily get d.
The hard part is factoring n;
Security of RSA depends on factoring being difficult. In fact, the task of recovering the
private key is equivalent to the task of factoring the modulus.
It should be noted that hardware improvements alone will not weaken RSA, as long as
appropriate key lengths are used. In fact, hardware improvements should increase the
security of RSA.
Another way to break RSA is to find a technique to compute eth roots mod n.
Since c = me mod n , the eth root of c mod n is the message m.
This would allow someone to recover encrypted messages and forge signatures even
without knowing the private key.
No general methods are currently known that attempt to break RSA in this way. However,
in special cases where multiple related messages are encrypted with the same small
exponent, it may be possible to recover the messages.
These are no attack against the algorithm but instead the protocol.
Attacker sees a ciphertext and guesses that the message might be, for example, "Attack at
dawn," and encrypts this guess with the public key of the recipient and by comparison
with the actual ciphertext, the attacker knows whether or not the guess was correct.
Appending some random bits to the message can thwart this attack.

Page 16 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Example
Eve listen to Alices communication and manage to collect a ciphertext message, c,
encrypted with Alice public key. Eve wants to read the message i.e. m = cd.
To recover m, Eve choose a random #, r, such that r is less than n.
Then she get Alices public key, e and start computing
x = re mod n, y = xc mod n,
t = r-1 mod n
If x = re mod n, then r = xd mod n
Eve gets Alice to sign y with her private key, thereby decrypting y.
Alice send Eve u = yd mod n
Eve computes tu mod n = r-1 yd mod n = r-1 xd cd mod n = cd mod n = m

Page 17 of 17