dissertacao.pdf
Definition 2. [Diffie-Hellman concept of public key cryptosystem] A cryptosystem where the key consists of a pair of public/private keys, where the encryption function uses the public key and the decryption function uses the private key, such that:
- it should be easy to create pairs of public/private keys
- it should be easy to encrypt messages knowing the public key
- it should be easy to decrypt messages knowing the private key
- it should be hard to compute the private key from the public key

For a public key cryptosystem to be safe, it should be hard to invert the encryption function without knowing the private key, and it should be hard to deduce the private key from the public key alone. Functions of this kind, which are easy to compute but difficult to invert without knowing some extra parameters, are called trapdoor one-way functions.

For the cryptosystems used nowadays this inversion is not impossible: rather, it is extremely time consuming, making it useless for Marvin to try it when the information being transmitted is only relevant for a short period of time.

1.3 The RSA cryptosystem

The RSA cryptosystem is the first ever published public key cryptosystem, developed by Rivest, Shamir and Adleman, first presented in their 1978 article [38], and based on the Diffie-Hellman proposal. Its implementation depends on an a priori choice of two large prime numbers p and q, which are multiplied to obtain the RSA modulus N = pq, and a subsequent choice of public and private integer parameters, e and d, satisfying ed = 1 + k(p − 1)(q − 1) for some integer k. These two computations actually make up the trapdoor one-way function of RSA: while it is easy to compute N = pq, we will show that it is hard to factor it. As for the equation which allows us to define the exponents, it will be shown that it is hard to deduce d from e and N without knowing p and q.
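
A toy run of the key generation described above, as an added example that is not part of the dissertation: the primes p = 1009 and q = 2003, the exponent e = 17, the message and all function names are constructed for illustration. It contrasts the easy direction (computing d with p and q in hand) with recovering p and q from N by trial division, which succeeds here only because the modulus is tiny.

```python
# Added illustration, not code from the dissertation. The primes are constructed
# toy values; real RSA primes are hundreds of digits long.
from math import gcd

def make_keypair(p, q, e):
    """Pick d so that e*d = 1 + k*(p-1)*(q-1); return (N, d, k)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)   # modular inverse (Python 3.8+): easy once p, q are known
    k = (e * d - 1) // phi
    return p * q, d, k

def encrypt(m, e, N):
    """Encryption uses only the public pair (e, N)."""
    return pow(m, e, N)

def decrypt(c, d, N):
    """Decryption uses the private exponent d."""
    return pow(c, d, N)

def factor_by_trial_division(N):
    """Invert N = p*q without the trapdoor, for an odd N (assumption).

    Returns (p, q, steps), where steps is the number of divisions tried.
    The work grows with the smaller prime, so it is hopeless at real key sizes.
    """
    steps, f = 0, 3
    while f * f <= N:
        steps += 1
        if N % f == 0:
            return f, N // f, steps
        f += 2
    raise ValueError("N is not a product of two odd primes")

if __name__ == "__main__":
    p, q, e, m = 1009, 2003, 17, 424242          # constructed sample values
    N, d, k = make_keypair(p, q, e)              # one multiplication + one inverse
    print("N =", N, "d =", d, "k =", k)
    print("round trip ok:", decrypt(encrypt(m, e, N), d, N) == m)
    fp, fq, steps = factor_by_trial_division(N)  # the hard direction
    print("factoring took", steps, "divisions")
    print("d recovered from factors:", make_keypair(fp, fq, e)[1] == d)
```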

Since its first description by the three computer scientists in 1976, RSA has been thoroughly analysed and many attacks against it have been found. These attacks, which aim to recover an encrypted message or to deduce the private