Using the RSA Cryptosystem

Return to Course Outline

Previous Lecture

Anything You Want to Talk About?

(No.)

End-of-Semester Reminders

The last day to grade anything for this course is Tuesday, December 21. Grading meetings must end by 5:00 that day.

SOFIs are under way. See email from “sofi@geneseo.edu” for a link.

Reflective Essay

A short essay in which you reflect on how you have (or haven’t) changed as a writer this semester.

Turn it in simply by sharing it with me or emailing it to me. There are no meetings, peer edits, etc.

See the handout for more information.

Using the RSA Cryptosystem

Create public/private key pairs for RSA and use them to communicate with each other.

Activity

Work either individually or in small teams.

Use a Google doc as the shared communication channel:

In detail…

1. Generate a public and private key pair for your team.
2. Claim an unused section of the Google doc and post your public key in it.
3. Use one or more other teams’ public keys to encrypt messages for them; paste the encrypted messages into their section of the Google doc.
4. Decrypt one or more of the messages posted to your section.
5. Time permitting, try posting a signed message from you to your section of the Google doc. If other teams post such messages, try checking the signatures.
6. Time permitting, see if you can break someone else’s code and decrypt their messages.

These web sites will help:

• A key calculator at https://www.cs.drexel.edu/~jpopyack/Courses/CSP/Fa17/notes/10.1_Cryptography/RSAWorksheetv4e.html
• An encrypter/decrypter at https://www.cs.drexel.edu/~jpopyack/Courses/CSP/Fa17/notes/10.1_Cryptography/RSA_Express_EncryptDecrypt_v2.html
• A table of prime numbers at http://compoasso.free.fr/primelistweb/page/prime/liste_online_en.php

Discussion

How hard or easy did you find it to use RSA? What were the pitfalls? Did anyone successfully break another team’s cryptosystem? How? Etc?

You have to be very careful about what information you’re using where: public vs private keys, alphabetic plaintext vs numeric plaintext vs numeric ciphertext, etc.

There are a couple of simple mistakes that dramatically compromise the security of RSA (although every cryptosystem has certain simple mistakes that compromise it, it’s not a problem unique to RSA). In particular…

• Too small an n value. RSA encrypts blocks of text, typically hundreds of characters long. But otherwise it’s just a monoalphabetic substitution, i.e., the same block will be encrypted the same way every time. Using long blocks makes frequency analysis impossible, but block size is limited by n, so if you work with a small n, each block will be only 1 character, and you’ll have a cipher that’s as easy to break as the simple substitution ciphers we started this course with.
• Exposing private keys. Traditional cryptosystems require that you share your key with at least one other person, namely the one you want to communicate with. There’s a saying to the effect that “a secret shared by two people isn’t really a secret,” and this is in fact one of the weaknesses of traditional cryptography. Public key cryptosystems gain security relative to traditional ones from the simple fact that private keys never need to be shared. With anyone. Ever. So don’t.

Next

Security of RSA and other aspects of modern cryptography.

Next Lecture