-9-
v7.0
Authenticity
3. Authenticity
Authenticity is the assurance that a message, transaction, or other exchange of information is from the source it claims to be
from. Authenticity involves proof of identity.
For ensuring message authenticity,
RSA
algorithm is used. The RSA cryptosystem is the most widely-used public key cryptography
algorithm in the world. It can be used to encrypt a message without the need to exchange a secret key separately. Its security is
based on the difficulty of factoring large integers.
The RSA algorithm can be used for both public key encryption and digital signatures:
•
Public-key encryption:
Party A can send an encrypted message to party B without any prior exchange of secret keys. A
just uses B’s public key to encrypt the message and B decrypts it using the private key, which is only known by the receiver.
•
Digital signatures:
RSA can also be used to sign a message, so A can sign a message using their private key and B can verify
it using A’s public key.
Key generation
•
1. Choose two different prime numbers
p
and
q
. For security purposes, the integers
p
and
q
should be chosen at random,
and should be of similar bit-length.
•
2. Compute
n = p·q
. The resulting
n
is used as the modulus for both public and private keys. Its length, usually expressed in
bits, is the key length.
•
3. Compute φ(n) = (p-1)(q-1).
•
4. Choose a public exponent
’e’
such that 1 < e < φ(n), which is coprime to φ(n). The number
e
is released as the public key
exponent.
•
5. Compute a private exponent
’d’
that satisfies the congruence ed
≡
1 (mod φ(n)). The number
d
is kept as the private key
exponent.
•
6. The
public key
consists of the modulus
n
and the public exponent
e
. The
private key
consists of the modulus
n
and
the private exponent
d
, which must be kept secret.
p, q
, and
φ(n)
must also be kept secret because they can be used to
calculate
d
.
The best size for a modulus depends on one’s security needs. The larger the modulus, the greater the security, but also the slower
the RSA algorithm operations. One should choose a modulus length upon consideration, first, of the value of the protected data
and how long it needs to be protected, and, second, of how powerful one’s potential threats might be. Typical bit lengths are
1024, 2048, 3072, 4096, etc.
This is the process of transforming a plaintext message into ciphertext, or vice-versa. The RSA function, for message
‘m’
and key
‘k’
is evaluated as follows:
F(m,k) = m
k
mod n
There are obviously two cases:
•
RSA Encryption scheme:
Encrypting with the public key, and then decrypting with the private key
-
Encryption rule:
F (m,e) = m
e
mod n = c
-
Decryption rule:
F (c,d) = c
d
mod n = m
-
Where ‘
m
’ is the message, ‘
e
’ is the public exponent, ‘
d
’ is the private exponent and ‘
c
’ is the ciphertext.