A standard system of security parameters for the RSA cryptosystem and application (English summary)


MINISTRY OF EDUCATION AND TRAINING
MINISTRY OF DEFENCE
MILITARY INSTITUTE OF SCIENCE AND TECHNOLOGY

HOANG VAN THUC

A STANDARD SYSTEM FOR SECURITY PARAMETERS OF RSA CRYPTOSYSTEM AND APPLICATION

Speciality: Mathematical foundation for computer and computing systems
Code: 62 46 35 01

SUMMARY OF MATHEMATICAL DOCTORAL THESIS

HA NOI-2011

THESIS IS COMPLETED AT MILITARY INSTITUTE OF SCIENCE AND TECHNOLOGY

Supervisors:
1. Dr Leu Duc Tan
2. Asc. Prof. Dr Bach Nhat Hong

Reviewer 1: Asc. Prof. Dr Hoang Van Tao, Government Information Security Commission.
Reviewer 2: Dr Tran Van Truong, Government Information Security Commission.
Reviewer 3: Asc. Prof. Dr Đinh The Cuong, Le Quy Don Technical University.

This thesis will be defended at the board of doctoral examination - Military Institute of Science and Technology at …./…./…./2011

This thesis can be found at:
- Library of Military Institute of Science and Technology.
- National Library of Vietnam

INTRODUCTION

As with all other cryptographic primitives, the model and algorithm structure of the RSA cryptosystem are public. The difficult problem is how to select and use the system parameters so that the cryptosystem is both secure and efficient. Constructing security criteria for RSA parameters therefore remains of interest to many scientists. Many documents in this area have been published, for example ANSI X9.31, NIST 800-57 and FIPS 186-3. However, as cryptography has developed, cryptanalysis has produced many new attacks on the RSA cryptosystem. Studying the existing security criteria, and studying and proposing new security criteria for RSA parameters, are therefore necessary. Given these practical requirements, choosing the topic “A standard system for security parameters of RSA cryptosystem and application” for study is reasonable.
Objective of the research

To survey and master the knowledge of the RSA cryptosystem and of the security criteria for RSA parameters published in international standards; to propose new security criteria for RSA parameters (studying and supplementing the existing criteria as well as proposing new ones); and to apply secure RSA parameters to the Web security protocols.

Object of the research

The thesis chooses the RSA cryptosystem and the web security protocol for study.

Contents of research

- Study an overview of the RSA public key cryptosystem.
- Study and build the security criteria for RSA parameters.
- Build and implement algorithms to generate secure RSA parameters that satisfy the above criteria.
- Study the application of secure RSA parameters to the web security protocols.

Thesis organization

The thesis consists of three chapters and the following sections: introduction, conclusion, publication list and appendixes.

New research contents of thesis

- Propose and supplement quantification for the existing criteria.
- Propose new criteria to resist the cycling attack on the RSA cryptosystem.
- Construct and code the algorithm to generate secure RSA parameters and integrate it into certificate generating software that follows the X509 standard.
- Modify Web browser software to secure web transactions using secure RSA parameters.

CHAPTER 1
OVERVIEW OF RSA PARAMETER CRITERIA AND WEB SECURITY PROTOCOLS

To explain the need for the work and build a foundation for the thesis contents, this chapter presents some results from related publications.

1.1. DEFINITIONS AND SYMBOLS

Trivial Divisor: The divisors 1, -1, N and -N are called trivial divisors of the integer N.

Prime Number: An integer N > 1 is a prime number if it has only trivial divisors.

Composite number: An integer N > 1 is a composite number if it is not a prime number.

Primality Certificate: A mathematical proof that a given number is really a prime number.
Trial Division: Trial division of N checks all prime numbers smaller than or equal to $N^{1/2}$ to see if they divide N.

Secure strength (secure_strength): A value related to the amount of work (the number of operations) required to crack a cryptographic algorithm or a cryptosystem. Namely, a cryptographic algorithm with given parameters is said to have the security level secure_strength if cracking this algorithm requires at least $2^{\text{secure\_strength}}$ operations.

$p_1$, $p_2$, $q_1$, $q_2$ are called auxiliary primes.

1.2. RSA PUBLIC KEY ENCRYPTION

1.2.1. Key generation algorithm for RSA public key encryption

Step 1: Generate two large random (and distinct) primes p and q;
Step 2: Compute $N = pq$, $\lambda(N) = \mathrm{lcm}(p-1, q-1)$;
Step 3: Select an integer e, $1 < e < \lambda(N)$, such that $\gcd(e, \lambda(N)) = 1$;
Step 4: Compute the integer d, $1 < d < \lambda(N)$, such that $ed \equiv 1 \pmod{\lambda(N)}$;
Step 5: The RSA public key is (N, e); the RSA private key is (N, d); (N, e, d) are called the RSA parameters.

1.2.2. RSA public key encryption primitive

B encrypts a message $m \in \mathbb{Z}_N^*$ and A decrypts.

Encryption: B uses the public key (N, e) of A and encrypts $c = m^e \pmod{N}$.
Decryption: A uses his private key (N, d) to decrypt $m = c^d \pmod{N}$.

1.2.3. RSA signature primitive scheme

Entity A signs a message $m \in \mathbb{Z}_N^*$; entity B checks A's signature for m.

Signature generation: A uses the secret key (N, d) to generate the signature $s = m^d \pmod{N}$ for m.
Signature verification: B uses A's public key (N, e) to verify A's signature for m; B computes $m' = s^e \pmod{N}$; if m = m', return “valid signature”, otherwise return “invalid signature”.

1.2.4. RSA-based cryptosystems

Nowadays, information security applications always use formatted RSA public key encryption and RSA signature schemes. Those schemes use a set of message preparation functions $G = \{g : \mathbb{Z}_N^* \to \mathbb{Z}_N^*\}$. Instead of calculating directly on the message m (as the primitive schemes do), they calculate on $x = g(m)$ with $g \in G$.
1.2.5. Security of RSA cryptosystem

The security of the RSA cryptosystem is based on the intractability of the problem of factoring the modulus N.

1.3. PRIME NUMBER GENERATION ALGORITHMS

1.3.1. Probabilistic primality tests

The thesis presents two probabilistic primality tests: the Miller-Rabin primality test and the Frobenius-Grantham primality test.

1.3.2. Prime number generation methods

1.3.2.1. Using probabilistic tests

The thesis presents two prime number generation methods that use a probabilistic primality test T: random choice of candidate and the incremental search method.

1.3.2.2. Deterministic prime number generation algorithms

The thesis presents two deterministic prime number generation algorithms: Shawe-Taylor's algorithm and Maurer's algorithm.

1.3.3. Remarks

- Of the two prime number generation methods that use probabilistic primality tests, the random choice of candidate method is guaranteed to produce uniformly chosen k-bit primes, but is less efficient in practice.
- The output primes of Maurer's algorithm are more diverse than those of Shawe-Taylor's algorithm.

1.4. CRITERIA FOR RSA PARAMETERS

1.4.1. Criteria for RSA parameters presented in ANSI X9.31

Criteria for the length of modulus: X9.31 recommends the length of the modulus in bits to be 1024+256s, where s is an integer and $s \ge 0$.

Criteria for primes p, q: X9.31 presents 07 criteria for the primes p and q used to create the RSA modulus.

Criteria for public exponent e: e is a positive integer such that $2 \le e \le 2^{nlen-160}$.

Criteria for private exponent d: $d = e^{-1} \pmod{\mathrm{lcm}(p-1, q-1)}$ and such that $d > 2^{512+128s}$.

1.4.2. Criteria for RSA parameters presented in FIPS 186-3 and NIST 800-57

Minimum length of RSA modulus: NIST 800-57 recommends the minimum length of the RSA modulus in bits for the RSA cryptosystem to be secure until the years 2010, 2030 and after 2030.

Criteria for primes p, q: FIPS 186-3 presents 06 criteria for the primes p and q used to create the RSA modulus.
Criteria for public exponent e: FIPS 186-3 recommends that the public exponent e be selected prior to generating the primes p, q and that e satisfy $2^{16} < e < 2^{256}$.

Criteria for private exponent d: FIPS 186-3 recommends that the private exponent d be selected satisfying $d > 2^{nlen/2}$ and $d = e^{-1} \bmod \mathrm{lcm}(p-1, q-1)$.

1.4.3. Remarks

Of the three standards introduced above, only ANSI X9.31 gives the mathematical foundation for its proposed criteria. However, technology has developed over time. Therefore, it is necessary to study the theoretical basis in order to propose the correct quantification for each standard.

1.5. RSA CRYPTOSYSTEM AND WEB SECURE PROTOCOLS

The RSA cryptosystem is used in secure web transactions through the SSL/TLS protocol.

1.5.1. Introduction about the SSL/TLS protocols

The SSL protocol provides secure communication between client/server applications.

1.5.2. SSL protocol version 3.0

SSL protocol version 3.0 has four main elements: the handshake protocol, the SSL record protocol, the SSL alert protocol and the SSL Change Cipher Spec Protocol.

1.5.3. Session key computation in SSL protocol

The session key for communication is calculated from the elements ClientHello.random, ServerHello.random and pre_master_secret, where pre_master_secret is encrypted under the RSA public key cryptosystem.

1.5.4. RSA cryptology system and secure web service

The RSA public key cryptosystem is used in the SSL secure protocol for authentication and session key establishment. However, to apply RSA parameters with a high security level to the web secure protocol, some cryptographic properties of these applications need to be modified.

1.6. CHAPTER 1 CONCLUSIONS

This chapter presented an overview of results published in Viet Nam and worldwide that relate to the problems the thesis needs to solve, discussed and evaluated their advantages and weak points, and proposed solutions to overcome those weak points, namely:

- Based on a study of the existing security criteria for the parameters of the RSA cryptosystem, establish the need to improve the quantification of the existing criteria and to build new criteria that improve the security of the RSA cryptosystem. (The building and proposing of security criteria for the RSA parameters is presented in chapter 2.)
- Introduce some prime number generation algorithms and their properties, and choose a reasonable algorithm on which to build the RSA parameter generation algorithm.
- Study the SSL/TLS protocol and the role of the RSA cryptosystem in it, evaluate the applicability of RSA parameters in web applications, and then propose solutions for building web applications that apply secure RSA parameters. (The construction and implementation of the algorithms that generate secure RSA parameters, and their application to the web secure protocol, are presented in chapter 3.)

[...]...

PUBLICATION LIST

1. Leu Đuc Tan, Hoang Van Thuc (2006), "An algorithm generate RSA-strong pair primes P, Q satisfy |P-Q| has large prime factor", Military Journal of Science and Technology, No 14, pp 63-67.
2. Leu Đuc Tan, Hoang Van Thuc, Tran Quang Ky, Nguyen Quoc Toan, Teresa Pagés López, Amando Delgado Delgado (2008), "Improving Miller-Rabin algorithm", Military Journal of Science and Technology, No 22,...
Đuc Tan, Hoang Van Thuc, Tran Quang Ky, Nguyen Quoc Toan, Teresa Pagés López, Amando Delgado Delgado (2008), "Number of primality witness of Carmichael numbers in Miller-Rabin algorithm", Military Journal of Science and Technology, No 24, pp 108-113.
4. Hoang Van Thuc, Bach Nhat Hong (2009), "A new criterion for RSA public exponent", Military Journal of Science and Technology, No 27, pp 50-53.
5. Hoang Văn...

... criterion for the public exponent e and a criterion for primes p, q) to resist the cycling attack on the RSA cryptosystem.
3. Designing and coding the secure RSA parameter generation algorithm and integrating the algorithm into the digital certificate generating program that follows the X509 standard.
4. Changing the Mozilla Firefox web software so that the secure RSA parameters can be applied in the Web security...

... web explorer open source that security RSA parameters can be applied to web security transaction

CONCLUSION

The thesis has achieved the following results:

1. Detailed study of the RSA public key cryptosystem: the key generation algorithm for the RSA cryptosystem, RSA public key encryption, RSA signature schemes; reviewing and evaluating the existing security criteria for RSA parameters.
2. Detailed study about the... secure protocols and the applicability of RSA parameters that satisfy the high security criteria in web transaction security.
3. Building a security criteria system for RSA parameters with 10 criteria.
4. Building and implementing the secure RSA parameter generation algorithm that satisfies the proposed criteria.
5. Applying the secure RSA parameters to the Web security service.

Main contribution of thesis:

1. Researching and supplementing...
... factoring attack and Williams p+1 factoring modification attack.

2.1.3.3 Criteria for the length of the primes p, q

p and q shall be selected randomly and satisfy:

$(\sqrt{2})(2^{(nlen/2)-1}) \le p, q \le (2^{nlen/2} - 1)$

Basis of proposal: To ensure that the RSA cryptosystem can resist attacks based on factoring algorithms whose complexity depends on the length of the prime factors, and to improve the effect of the RSA public...

... enough N is rarely. To achieve this we can rely on the result of Lemma 2.3.

Lemma 2.3. Let $p_1$ and $q_1$ be prime factors of $p-1$ and $q-1$; let $p_{11}$ and $q_{11}$ be prime factors of $p_1-1$ and $q_1-1$; and let $p_{11}, q_{11} > B$. When e is selected such that $\mathrm{ord}_{p_1} e$ is a multiple of $p_{11}$ and $\mathrm{ord}_{q_1} e$ is a multiple of $q_{11}$, then we have:

$\mathrm{Prob}\{m \in \mathbb{Z}_N^* : \mathrm{per}(m) \le B\} \le \frac{1}{p_1 q_1}$

To prove Lemma 2.3 (based on Properties 2.1, 2.2 and Lemma...

... N1, PQ2, D1 and E1.
- Building new criteria, a criterion for the primes p, q (PQ6) and a criterion for the public exponent e (E2), ensuring that RSA public key encryption can resist the cycling attack.

CHAPTER 3
SECURITY RSA PARAMETERS GENERATION AND INTEGRATING THEM INTO WEB SECURE SERVICES

3.1 SECURITY RSA PARAMETERS GENERATION ALGORITHMS

In the algorithms we use the following symbols:
- level: can receive...

... criterion for the public exponent e) $\mathrm{ord}_{p_1} e$ is a multiple of $p_{11}$ and $\mathrm{ord}_{q_1} e$ is a multiple of $q_{11}$.

2.4 CHAPTER 2 CONCLUSIONS

This chapter researched and proposed criteria for RSA parameters that improve the security and effectiveness of using the RSA cryptosystem. The criteria were built based on:
- Researching and evaluating the security of the RSA cryptosystem against the related attacks to propose the existing...
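Criterion E2 above, written as a check and as an exponent selector (an added example, not code from the thesis). The function names and the toy prime chains 47, 23, 11 and 167, 83, 41 are constructed for illustration and are far too small for real use.

```python
# Added example: criterion E2 from the summary, i.e. ord_{p1}(e) is a multiple
# of p11 and ord_{q1}(e) is a multiple of q11. All names here are hypothetical.
from math import gcd

def order_divisible_by(e, p1, r):
    """True if the multiplicative order of e modulo the prime p1 is a
    multiple of the prime r, where r divides p1 - 1."""
    if e % p1 == 0 or (p1 - 1) % r != 0:
        return False
    m = p1 - 1
    while m % r == 0:              # strip every factor r from p1 - 1
        m //= r
    # ord(e) divides p1 - 1, so r does not divide ord(e) exactly when
    # e^m == 1 (mod p1)
    return pow(e, m, p1) != 1

def satisfies_e2(e, p1, p11, q1, q11):
    """Both halves of criterion E2."""
    return order_divisible_by(e, p1, p11) and order_divisible_by(e, q1, q11)

def select_exponent(start, lam, p1, p11, q1, q11):
    """Smallest odd e >= start with gcd(e, lam) = 1 that satisfies E2."""
    e = start | 1
    while gcd(e, lam) != 1 or not satisfies_e2(e, p1, p11, q1, q11):
        e += 2
    return e

# Constructed toy chains: p = 47, p1 = 23, p11 = 11; q = 167, q1 = 83, q11 = 41
P1, P11, Q1, Q11 = 23, 11, 83, 41
LAM = 3818                         # lcm(47 - 1, 167 - 1)
```

With these values, e = 45 and e = 47 are coprime to lambda(N) yet fail E2, because they are congruent to -1 and 1 modulo 23 and so have order 2 and 1 there.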
... minimize the computation in decryption and signature generation, we can select a small private exponent. However, the RSA cryptosystem is then easy to break through attacks such as Wiener's attack and Boneh and Durfee's attack. Boneh and Durfee's attack is successful if the following inequality is satisfied:

$\delta < \frac{7}{6} - \frac{1}{3}(1 + 6\alpha)^{1/2}$, with $e = N^{\alpha}$ and $d = N^{\delta}$

2.1.4.3 Criteria for e and d

The length of public exponent ...
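The bounds quoted in sections 1.4.2 and 2.1.3.3, together with the small private exponent case discussed above, as a parameter audit (an added example, not code from the thesis or from any standard). The function names and the 64-bit toy values are constructed for illustration, and only the criteria visible in this summary are checked.

```python
# Added example: audit RSA parameters against the bounds quoted in this summary.
# Requires Python 3.8+ for pow(e, -1, m). All names here are hypothetical.
from math import gcd

def lam(p, q):
    """lambda(N) = lcm(p - 1, q - 1), as in key generation Step 2."""
    return (p - 1) // gcd(p - 1, q - 1) * (q - 1)

def check_rsa_params(p, q, e, d, nlen):
    """Map each quoted criterion to True/False. nlen must be even."""
    half = nlen // 2
    l = lam(p, q)
    return {
        "modulus_bits": (p * q).bit_length() == nlen,
        # sqrt(2) * 2^(nlen/2 - 1) <= x is x^2 >= 2^(nlen - 1), kept in integers
        "prime_range": all(x * x >= (1 << (nlen - 1)) and x <= (1 << half) - 1
                           for x in (p, q)),
        "e_range": (1 << 16) < e < (1 << 256),      # 2^16 < e < 2^256
        "e_coprime": gcd(e, l) == 1,
        "d_inverse": (e * d) % l == 1,              # d = e^-1 mod lcm(p-1, q-1)
        "d_large": d > (1 << half),                 # d > 2^(nlen/2)
    }

def failed(report):
    """Names of the criteria that did not hold."""
    return [name for name, ok in report.items() if not ok]

# Constructed toy values (64-bit modulus, illustration only, not secure)
P = 2**32 - 5          # prime
Q = 2**32 - 17         # prime
P_SHORT = 2**31 + 11   # prime, but below sqrt(2) * 2^31
E = 65537

def demo():
    d = pow(E, -1, lam(P, Q))
    good = check_rsa_params(P, Q, E, d, 64)
    # Roles swapped: a 17-bit private exponent chosen to speed up decryption
    small_d = check_rsa_params(P, Q, d, E, 64)
    short = check_rsa_params(P_SHORT, P, E, pow(E, -1, lam(P_SHORT, P)), 64)
    return failed(good), failed(small_d), failed(short)
```

The third case keeps a 64-bit modulus, so a modulus-length check alone would not notice the undersized prime.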

Date posted: 23/08/2014, 16:41
