Introduction:
The RSA algorithm is a well-known and reliable asymmetric key and encryption algorithm. Before introducing the RSA algorithm, we must first know the concept of prime numbers, because this is the basis of the RSA algorithm.
A prime number is a number that can only be divided by 1 and itself, 1 and 2 are prime numbers, and prime numbers above 2 can only be odd numbers.
The RSA algorithm is based on the mathematical fact that it is easy to multiply two large prime numbers, but it is difficult to factor the product. The private and public keys in RSA are based on large prime numbers (more than 100 digits). The algorithm itself is very simple, but the actual difficulty lies in the private and public keys selected and generated by RSA.
RSA operation structure:
How to generate private and public keys, and how to use them for encryption and decryption.
(1)选择两个大素数 P、Q
(2)计算 N = P * Q
(3)选择一个公钥(即加密密钥)E,使其不是(P-1)(Q-1)的因子
(4)选择私钥(即解密密钥)D,满足下列条件:
(D * E) mod (P-1) * (Q-1) = 1
(5)加密时,从明文PT计算密文CT如下:
CT = PT^E mod N
(6)将密文CT发送给接收方
(7)解密时,从密文CT计算明文PT如下:
PT = CT^D mod N
RSA example:
(1)选择两个大素数 P、Q。
设计P = 7,Q = 17
(2)计算N = P * Q
得 N = 7 * 17 = 119
(3)选择一个公钥(即加密密钥)E,使其不是(P-1)(Q-1)的因子
·求出(7-1)(17-1)=6*16=96
·96的因子为2,2,2,2,2,3(因为96=2*2*2*2*2*3)
·因此,E不能有因子2和3。例如,不能选择4(因为2是它的因子),15(因为3是它的因子)或6(2,2都是它的因子)
·假设选择E为5.
(4)选择私钥(即解密密钥)D,满足下列条件:
(D*E) mod (P-1)*(Q-1) = 1
·将E、P、Q的值带入公式。
·得到:(D*5) mod (7-1)(17-1) = 1
·经过计算,取D=77。
(5)加密时,从明文PT计算密文CT如下:
CT = PT^E mod N
·假设要加密的明文10。则
·CT = 10^5 mod 119 = 100000 mod 119 = 40
(6)将密文CT发送给接收方。
将密文40发送给接收方
(7)解密时,从密文CT计算明文PT如下:
PT = CT^D mod N
计算如下:
·PT = CT^D mod N
·即PT = 40^77 mod 119 =10
·解出明文
Let's look at the same example above, but slightly different.
(1)取P=7,Q=17
(2)因此N=P*Q=119
(3)选择公钥E为5
(4)选择私钥D为77
根据这些值,考虑上图所示的加密和解密过程。这里A是发送方,B是接收方。可以看出,可以用编码机制编码字母:
A=1,B=2······Z=26。假设用这个机制编码字母,那么B的公钥为77(A和B知道),B的私钥为5(只有B知道)
其工作如下,假设发送方A要向接收方B发送一个字母F。利用RSA算法,字母F编码如下:
(1)用字母编号机制,F为6,因此将F的编码为6.
(2)求这个数与指数为E的幂,即6^5.
(3)计算6^5 mod 119,得到41,这是发送的加密信息
接收方用下列方法解密41,得到初始密码F:
(1)求这个数与指数为D的幂,即41^77
(2)计算41^77 mod 119 得到6
(3)按照字母编号机制得到F
The key to understanding RSA
According to the calculation of the example, it can be seen that the RSA algorithm itself is very simple, the key is to select the key that is being determined. Assuming that B wants to receive A's confidential information, he must generate a private key (D) and a public key (E), and then send the public key and number N to A. A encrypts the message with E and N, and then sends the encrypted information to B. B uses the private key (D) to decrypt the message.
The problem is that since B can calculate and find D, others can also calculate and find D, but it is not easy, which is the key to RSA.
As long as the attacker knows the public key E and the number N, it seems that the private key D can be found by trial and error, but in practice, P and Q choose a large number, so it is not easy to find P and Q from N. Mathematical analysis shows that when N is 100, it takes 70 pairs of years to find P and Q.
RSA Security
Although there have been no reports of successful attacks on RSA so far, the possibility of future attacks is not without. Here are some possible attacks against RSA
Plaintext attacks
Plaintext attacks are further divided into the following three subtypes.
(1) Attacks that use shorter messages. Suppose the attacker knows some plaintext blocks. If so, the attacker can try to encrypt each plaintext block to see if he can get the known ciphertext. To prevent this kind of attack, it is recommended to take some protection before encrypting the plain text
(2) Periodic attacks. Here, the attacker assumes that the ciphertext is obtained by replacing the plaintext in some way. If this assumption is true, then the attacker can perform reverse processing, that is, continuously replace the known ciphertext to obtain the original plaintext. However, for the attacker, the difficulty here is that when using this method, the attacker does not know which plaintext can be considered correct. Therefore, the attacker continuously performs substitution operations on the ciphertext until the ciphertext body is obtained, then the attacker can know that the text obtained in the previous step to obtain the original ciphertext must be the original plaintext. Therefore, this attack is called a periodic attack
(3) Attacks using public information. In theory, in rare cases, the encrypted ciphertext is the same as the original plaintext! If this is the case, the original plaintext message cannot be hidden. This kind of attack is called an attack using public messages. Therefore, after using RSA for encryption, before sending the ciphertext to the receiver, make sure that the ciphertext is different from the original plaintext
Attack of selected partial ciphertext In
this attack, the attacker uses the extended Euclidean algorithm to find the plaintext based on the original ciphertext.
The entire security of the factorization attack RSA is based on the assumption that an attacker cannot decompose the digit N into two quotes P and Q. If the attacker can get P and Q from the equation N = P * Q, then the attacker can get the private key. As mentioned earlier, assuming that N is a 300-digit decimal number, the attacker does not need to find P and Q. easily.
Attacks on encryption keys
When the value of public key E is small, RSA will run faster, resulting in potential attacks. This attack is called an attack on encryption keys. Therefore, it is recommended to use E as 65537 or close to the entire Value.
Attacks on decryption keys
This attack can be further divided into two categories:
(1) Attacks that guess the number of decryption values. If an attacker can guess the decryption key D, not only is the danger of encrypting the cipher text obtained in plaintext with the corresponding encryption key E, even the following message is also dangerous. To prevent this attack, it is recommended that the sender use unusual values for P, Q, N, and E.
(2) Attack on a smaller decryption index. As explained in the encryption key, using a smaller number for the decryption key D can make RSA run faster. This will help the attacker guess the decryption key D during the attack.
