Breaking Breaking CryptosystemsCryptosystems

Joshua LangfordJoshua LangfordUniversity of Texas at TylerUniversity of Texas at Tyler

Fall 2007Fall 2007Advisor: Dr. Ramona Ranalli AlgerAdvisor: Dr. Ramona Ranalli Alger

Users of the SystemUsers of the System

Bob and Bob and AliceAlice

MaliceMalice

What Malice Can DoWhat Malice Can DoAttain any message passing through Attain any message passing through

the network.the network.Be a legitimate user of the network.Be a legitimate user of the network.Become a receiver to any user.Become a receiver to any user.Send messages to any user by Send messages to any user by

impersonating any other user.impersonating any other user.

What Malice Cannot DoWhat Malice Cannot DoGuess a random number from lots of Guess a random number from lots of

numbers.numbers.Retrieve plaintext without the correct Retrieve plaintext without the correct

private key.private key.Have control of private computers.Have control of private computers.Find the private key matching a Find the private key matching a

given public key.given public key.

Some Standard AttacksSome Standard AttacksThe Message Replay AttackThe Message Replay Attack.Man-in-the-Middle Attack.There are many, many, many others.

ProblemProblem It would be really nice if Malice didn’t It would be really nice if Malice didn’t

have to follow the rule that says he have to follow the rule that says he cannot find the private key matching cannot find the private key matching a given public key.a given public key.

SolutionSolutionFind a way to Find a way to

break that rule. break that rule. So how do you So how do you

find the private find the private key if all you key if all you know is the know is the public key?public key?

RSARSAPick two random prime numbers p

and q. Compute N = pq and

Φ(N) = (p - 1) (q - 1). Choose a random e є Z such that

0 < e < Φ(N) and gcd(e, Φ(N)) = 1. Compute the integer d such that

ed ≡ 1 mod Φ(N) and 0 < e < Φ(N).

RSA ContinuedRSA ContinuedAlice gives Bob her public key, (N, e),

and keeps d as her private key. Bob converts his message text into

an integer 0 < m < N and encrypts it by computing c = m^e mod N and sends c to Alice.

Alice decrypts the message by computing m = c^d mod N.

Breaking RSABreaking RSAUse brute force to

find every possible factor of N to get p and q. But N is such But N is such a big number! In a big number! In order to facilitate his order to facilitate his laziness, he comes laziness, he comes up with a better way.up with a better way.

Breaking RSA ContinuedBreaking RSA ContinuedBecause p is multiplied by q, either p

= q and N = p 2 or p > q which means that 0 < p < √(N) rounded up. This means Malice only needs to try √(N) numbers.

Unfortunately, if N is really big, √(N) is also very big!

Breaking RSA ContinuedBreaking RSA ContinuedNotice he only needs to try the odd

numbers.Now Malice only needs to check

√(N) /2 numbers!

Cracking RSACracking RSA

p = 256,203,221 p = 256,203,221 q = 275,604,541q = 275,604,541 pq = pq =

70,610,771,126,426,561

Factor.exe

Why Does it Work?Why Does it Work?Today's RSA algorithms use primes that have Today's RSA algorithms use primes that have

upwards of 500 digits. Here is a 300 digit prime:upwards of 500 digits. Here is a 300 digit prime: 2039568783564019774057658669290345772820395687835640197740576586692903457728

0193993314348263094772646453283062722701939933143482630947726464532830627227012776329366160631440881733123728826770127763293661606314408817331237288267712387953870940015830656733832827915449123879538709400158306567338328279154499698366071906766440037074217117805690896983660719067664400370742171178056908727928481491120222863321448761833763267279284814911202228633214487618337632651208357482164793399296124991731983621512083574821647933992961249917319836219304274280243803104015000563790123 9304274280243803104015000563790123