breaking cryptosystems joshua langford university of texas at tyler fall 2007 advisor: dr. ramona...
DESCRIPTION
What Malice Can Do Attain any message passing through the network. Attain any message passing through the network. Be a legitimate user of the network. Be a legitimate user of the network. Become a receiver to any user. Become a receiver to any user. Send messages to any user by impersonating any other user. Send messages to any user by impersonating any other user.TRANSCRIPT
![Page 1: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…](https://reader036.vdocuments.mx/reader036/viewer/2022090107/5a4d1c0f7f8b9ab0599f61c0/html5/thumbnails/1.jpg)
Breaking Breaking CryptosystemsCryptosystems
Joshua LangfordJoshua LangfordUniversity of Texas at TylerUniversity of Texas at Tyler
Fall 2007Fall 2007Advisor: Dr. Ramona Ranalli AlgerAdvisor: Dr. Ramona Ranalli Alger
![Page 2: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…](https://reader036.vdocuments.mx/reader036/viewer/2022090107/5a4d1c0f7f8b9ab0599f61c0/html5/thumbnails/2.jpg)
Users of the SystemUsers of the System
Bob and Bob and AliceAlice
MaliceMalice
![Page 3: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…](https://reader036.vdocuments.mx/reader036/viewer/2022090107/5a4d1c0f7f8b9ab0599f61c0/html5/thumbnails/3.jpg)
What Malice Can DoWhat Malice Can DoAttain any message passing through Attain any message passing through
the network.the network.Be a legitimate user of the network.Be a legitimate user of the network.Become a receiver to any user.Become a receiver to any user.Send messages to any user by Send messages to any user by
impersonating any other user.impersonating any other user.
![Page 4: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…](https://reader036.vdocuments.mx/reader036/viewer/2022090107/5a4d1c0f7f8b9ab0599f61c0/html5/thumbnails/4.jpg)
What Malice Cannot DoWhat Malice Cannot DoGuess a random number from lots of Guess a random number from lots of
numbers.numbers.Retrieve plaintext without the correct Retrieve plaintext without the correct
private key.private key.Have control of private computers.Have control of private computers.Find the private key matching a Find the private key matching a
given public key.given public key.
![Page 5: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…](https://reader036.vdocuments.mx/reader036/viewer/2022090107/5a4d1c0f7f8b9ab0599f61c0/html5/thumbnails/5.jpg)
Some Standard AttacksSome Standard AttacksThe Message Replay AttackThe Message Replay Attack.Man-in-the-Middle Attack.There are many, many, many others.
![Page 6: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…](https://reader036.vdocuments.mx/reader036/viewer/2022090107/5a4d1c0f7f8b9ab0599f61c0/html5/thumbnails/6.jpg)
ProblemProblem It would be really nice if Malice didn’t It would be really nice if Malice didn’t
have to follow the rule that says he have to follow the rule that says he cannot find the private key matching cannot find the private key matching a given public key.a given public key.
![Page 7: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…](https://reader036.vdocuments.mx/reader036/viewer/2022090107/5a4d1c0f7f8b9ab0599f61c0/html5/thumbnails/7.jpg)
SolutionSolutionFind a way to Find a way to
break that rule. break that rule. So how do you So how do you
find the private find the private key if all you key if all you know is the know is the public key?public key?
![Page 8: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…](https://reader036.vdocuments.mx/reader036/viewer/2022090107/5a4d1c0f7f8b9ab0599f61c0/html5/thumbnails/8.jpg)
RSARSAPick two random prime numbers p
and q. Compute N = pq and
Φ(N) = (p - 1) (q - 1). Choose a random e є Z such that
0 < e < Φ(N) and gcd(e, Φ(N)) = 1. Compute the integer d such that
ed ≡ 1 mod Φ(N) and 0 < e < Φ(N).
![Page 9: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…](https://reader036.vdocuments.mx/reader036/viewer/2022090107/5a4d1c0f7f8b9ab0599f61c0/html5/thumbnails/9.jpg)
RSA ContinuedRSA ContinuedAlice gives Bob her public key, (N, e),
and keeps d as her private key. Bob converts his message text into
an integer 0 < m < N and encrypts it by computing c = m^e mod N and sends c to Alice.
Alice decrypts the message by computing m = c^d mod N.
![Page 10: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…](https://reader036.vdocuments.mx/reader036/viewer/2022090107/5a4d1c0f7f8b9ab0599f61c0/html5/thumbnails/10.jpg)
Breaking RSABreaking RSAUse brute force to
find every possible factor of N to get p and q. But N is such But N is such a big number! In a big number! In order to facilitate his order to facilitate his laziness, he comes laziness, he comes up with a better way.up with a better way.
![Page 11: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…](https://reader036.vdocuments.mx/reader036/viewer/2022090107/5a4d1c0f7f8b9ab0599f61c0/html5/thumbnails/11.jpg)
Breaking RSA ContinuedBreaking RSA ContinuedBecause p is multiplied by q, either p
= q and N = p 2 or p > q which means that 0 < p < √(N) rounded up. This means Malice only needs to try √(N) numbers.
Unfortunately, if N is really big, √(N) is also very big!
![Page 12: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…](https://reader036.vdocuments.mx/reader036/viewer/2022090107/5a4d1c0f7f8b9ab0599f61c0/html5/thumbnails/12.jpg)
Breaking RSA ContinuedBreaking RSA ContinuedNotice he only needs to try the odd
numbers.Now Malice only needs to check
√(N) /2 numbers!
![Page 13: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…](https://reader036.vdocuments.mx/reader036/viewer/2022090107/5a4d1c0f7f8b9ab0599f61c0/html5/thumbnails/13.jpg)
Cracking RSACracking RSA
p = 256,203,221 p = 256,203,221 q = 275,604,541q = 275,604,541 pq = pq =
70,610,771,126,426,561
Factor.exe
![Page 14: Breaking Cryptosystems Joshua Langford University of Texas at Tyler Fall 2007 Advisor: Dr. Ramona Ranalli…](https://reader036.vdocuments.mx/reader036/viewer/2022090107/5a4d1c0f7f8b9ab0599f61c0/html5/thumbnails/14.jpg)
Why Does it Work?Why Does it Work?Today's RSA algorithms use primes that have Today's RSA algorithms use primes that have
upwards of 500 digits. Here is a 300 digit prime:upwards of 500 digits. Here is a 300 digit prime: 2039568783564019774057658669290345772820395687835640197740576586692903457728
0193993314348263094772646453283062722701939933143482630947726464532830627227012776329366160631440881733123728826770127763293661606314408817331237288267712387953870940015830656733832827915449123879538709400158306567338328279154499698366071906766440037074217117805690896983660719067664400370742171178056908727928481491120222863321448761833763267279284814911202228633214487618337632651208357482164793399296124991731983621512083574821647933992961249917319836219304274280243803104015000563790123 9304274280243803104015000563790123