I'm trying to implement a simple version of RSA encryption for an assignment I have to do for school.
The thing is I must be doing something wrong. I chose the prime numbers 17 and 29 so n = 493
I chose 491 to be my encryption key and therefore 246 is the decryption key. But when I start trying to encrypt and decrypt a message (I have ASCII code and I encode character by character in their decimal value) I don't get the same message when decrypting.
For example when I try with the letter "L" L=76
So I do x=76^491 (mod 493) and the result is 359
But when I do x=359^246 (mod 493) I get 13 as a result, which is not the 76 I needed.
What is it I'm doing wrong here? Because I read a lot about RSA and it should be working but it's not so I must have done something wrong.
Thank you for your time and I'd really appreciate it if I got an answer soon. The assignment is due next Monday.
It looks like you have calculated the private exponent incorrectly. It should be 323, not 246.
The private exponent is the inverse of the public exponent modulo Phi(N) = (p-1)(q-1), whereas you appear to have calculated the inverse modulo N.
Related
so we have a private key used to sign requests which are later decrypted using the public key. I was messing around with it and replaced a few characters in it, say changing 'wnoy' to 'xxyy'
I suspected this would essentially change the key and the decryption fail as a result but this wasn't the case. Are the changes simply too small to result in a meaningful change to the key?
Thank you!
Any change to the modulus, exponent or CRT parameters that are used during calculation will result in failure of the algorithm to produce a correct signature or in failure during decryption (most likely producing a padding error).
However, because an RSA private key is not just a single number it is commonly saved in a PKCS#1 defined ASN.1 / DER encoded structure. Now it depends on what you change of this structure if the private key is damaged enough or not. The encoding of this structure (if it is a PEM private key) may also play a role.
Most likely you have changed the public or private exponent while the RSA CRT parameters are being used in the calculation (either the private exponent or CRT parameters are used for the calculations). In that case the calculation will proceed as normal. You would have about 256 bytes that can be changed without causing a problem for a 2048 bit key.
The slower "plain" RSA calculation uses the private exponent, which means that any change to the CRT parameters will go unnoticed (unless the structure doesn't parse anymore). For a 2048 bit key you would very likely have over 5 x 128 bytes that can be changed without causing a problem!
From PKCS#1:
RSAPrivateKey ::= SEQUENCE {
version Version,
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER, -- (inverse of q) mod p
otherPrimeInfos OtherPrimeInfos OPTIONAL
}
here the CRT (Chinese Remainder Theorem) parameters are the prime1, prime2, exponent1, exponent2 and finally coefficient parameters.
I'm trying to solve the following question (see below)
enter image description here
My understanding what in order to go encrypt the plain text (and get the cipher text). I must compute 9^15 mod 2 to get the cipher text? How is the answer 6?
Many thanks in advance!
You are confusing the modulus n and the public key e.
In your case, the RSA modulus is 15 and the public exponent is 2, and, in general, we write the public key is as a tuple (n,e)=(15,2)
now, RSA (textbook) encryption calculated as m^e = mod n; as a result
9^2 = 6 mod 15
see at WolframAlpha
Note: RSA encryption needs padding to be secure against some attacks.
as James noted in the comment, this cannot be RSA.
phi(15) = (3-1)*(5-1) = 8.
The inverse of 2 doesn't exist in mod 8. therefore there is no private key. Interestingly, in this case inverse of 3,5,7 mod 8 are also 3,5,8, respectively.
The 2 suggests that this is actually Rabin Cryptosystem.
I have the values of p, q, dp (which is d (mod p - 1)), and dq (which is d(mod q - 1)), and of course, the encrypted message itself.
I don't understand how to extract the remaining necessary values to decrypt the message.
In addition, the numeric values are so huge almost no online calculator site can solve them. (The encrypted message is 308 digits, p and q are each 155 digits, and dp and dq are each 154 digits, and the n value I got from multiplying p and q is 309 digits.)
If I were to write a program to solve it, C# or Python would be preferred.
I am very new to learning encryption and decryption, so a walkthrough perhaps in the answer would be very much appreciated!
The RSA math is explained in RFC 3447, section 5.1.2, you want Step 2, part b. And then you'll need to unpad the message, either according to OAEP or PKCS1 rules (see section 7).
I'm not learning cryptography yet, and this exercise - in the form it was delivered as a homework, was more of an exercise on reading composite functions and the like. Either way, I took a look at some part of the source code and didn't understand this.
For RSA encryption, the source code manipulated the string in such a way:
Message is being hashed into an integer list. (int1, int2, int3...)
Encrypt int1
Subtract result from int2 ( int2 - e(int1))
Modulo with the modulo key (n)
RSA transform with a key.
However, the RSA decryption method is done by:
1) RSA_transform
2) Result is added
3) Modulo with n
The part that puzzles me about the RSA decryption is the need for modulo after the adding and rsa_transform. If it's needed, shouldnt it be used in reverse order of how the chain of operations was carried out in RSA encryption?
Also, an "invert_modulo" was provided in the source code. I originally believed this to be a key in decrypting the message, but it wasn't so. What could "invert_modulo" be used for?
I cannot understand the first part of your question as the steps to hash the string is not clear also i don't get 3rd part of your encryption step. As for the Second question invert_modulo is the "MODULAR MULTIPLICATIVE INVERSE".
While working with modular airthmetic we always want our answer to be in the integer range 0 to M-1(where M is the number we modulo with) simple operations like addition , multiplication and subtraction are easy to perform : like (a+b) MOD M, it is well defined for the constraints of modular airthmetic.
Problem arises wen we try to divide : (a/b) MOD M
as you can see here a/b may not always always give an integer, therefore (a/b) does not lie in the integer range 0 to M-1. so to overcome this we try to find an inverse of b that we would rather multiply a with, i.e : (a*b_inverse) MOD M.
b_inverse can be defined as : (b*b_inverse) MOD M = 1.
i.e b_inverse is a number in the range 0 to M-1, which when multiplied with b, modulo M yields 1.
Note : also note that modular inverse of some numbers might not exist we can check that by taking the GCD of M and the number concerned(in our example "b") if GCD is not equal to 1 the the modular inverse does not exist.
I've learned the theory of public key encryption but I'm missing the connection to the physical world. e.g.
I've been told that good RSA encryption should rely on prime numbers with 300 decimal digits but why? who came up with this number? How long it will take to break such encryption (statistics about different machines).
I've tried Google, but couldn't find what I wanted. anyone?
thanks
The key of asymmetric cryptography is to have an asymmetric function which allow decrypting message encrypted by the asymmetric key, without allowing to find the other key. In RSA, the function used is based on factorization of prime numbers however it is not the only option (Elliptic curve is another one for example).
So, basically you need two prime numbers for generating a RSA key pair. If you are able to factorize the public key and find these prime numbers, you will then be able to find the private key. The whole security of RSA is based on the fact that it is not easy to factorize large composite numbers, that's why the length of the key highly change the robustness of the RSA algorithm.
There are competitions to factorize large prime numbers with calculators each years with nice price. The last step of factorizing RSA key was done in 2009 by factorizing 768 bits keys. That's why at least 2048 bit keys should be used now.
As usual, Wikipedia is a good reference on RSA.
All public key algorithms are based on trapdoor functions, that is, mathematical constructs that are "easy" to compute in one way, but "hard" to reverse unless you have also some additional information (used as private key) at which point also the reverse becomes "easy".
"Easy" and "hard" are just qualitative adjectives that are always more formally defined in terms of computational complexity. "Hard" very often refers to computations that cannot be solved in polynomial time O(nx) for some fixed x and where n is the input data.
In the case of RSA, the "easy" function is the modular exponentiation C = Me mod N where the factors of N are kept secret. The "hard" problem is to find the e-th root of C (that is, M). Of course, "hard" does not mean that it is always hard, but (intuitively) that increasing the size of N by a certain factor increases the complexity by a much larger factor.
The sizes of the modulus which are recommended (2048 bits, or 617 decimal digits) relate to the availability of computation power at present time, so that if you stick to them you are assured that it will be extremely expensive for the attacker to break it. For more details, I should refer you to a brilliant answer on cryptography.SE (go and upvote :-)).
Finally, in order to have a trapdoor, N is built so as to be a composite number. It theory, for improved performance, N may have more than 2 factors, but the general security rule is that all factors must be balanced and have roughly the same size. That means that if you have K factors, and N is B bits long, each factor is roughly B/K bits longs.
This problem to solve is not the same as the integer factorization problem though. The two are related in that if you manage to factor N you can compute the private key by re-doing what the party that generated the key did. Typically, the exponent e being used is very small (3); it cannot be excluded that someday somebody devises an algorithm to compute the e-th without factoring N.
EDIT: Corrected the number of decimal digits for the modulus of a 2048 bits RSA key.
RSA uses the idea of one-way math functions, so that it's easy to encrypt and decrypt if you have the key, but hard (as in it takes lots and lots of CPU cycles) to decrypt if you don't have the key. Even before they thought of using prime numbers, mathematicians identified the need for a one-way function.
The first method they hit upon was the idea that if your "key" is a prime number, and your message is another number, then you can encrypt by multiplying the two together. Someone with the key can easily divide out the prime number and get the message, but for someone without the prime number, figuring out the prime number key is hard.