<!-- saved from url=(0041)https://samsclass.info/141/proj/pRSA2.htm -->
<html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Proj RSA2: Cracking a Short RSA Key (15 pts.)</title>
</head>
<body bgcolor="#cccccc">
<h1>Proj RSA2: Cracking a Short RSA Key (15 pts.)</h1>
What you need:
<ul>
<li>A Mac or Linux computer with Python.
</li></ul>
<h2>Purpose</h2>
To break RSA encryption without prior knowledge of the
private key. This is only possible for small RSA keys,
which is why RSA keys should be long for security.
<p>
</p><h2>Summary</h2>
Here's a diagram from the textbook showing the
RSA calculations.
<blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA1-1.png"></blockquote>
<h2>Problem Statement</h2>
Meghan's public key is (10142789312725007, 5).
Find her private key.
<h2>1. Factoring n</h2>
<h3>Finding the Square Root of n</h3>
n = 10142789312725007. This is the product of
two prime numbers, p and q.
<p>
How large are p and q? Well, they can't both be
larger than the square root of n, or they'd be larger
than n when multiplied together.
</p><p>
Start Python in interactive mode. On a Mac
or Linux box, you can do that by
typing this command into a Terminal window:
</p><blockquote><b><big><code>
python
</code></big></b></blockquote>
Execute these commands:
<blockquote><b><big><code><pre>import math
n = 10142789312725007
print math.sqrt(n)
</pre></code></big></b></blockquote>
The square root prints out,
as shown below.
<blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA2-1.png"></blockquote>
<h3>Displaying More Decimal Places</h3>
It's not clear from that output whether the result
is an integer, or just rounded off to one decimal
place. To see more decimal places, we'll use
the repr() function.
<p>
Execute this command:
</p><blockquote><b><big><code><pre>print repr(math.sqrt(n))
</pre></code></big></b></blockquote>
Now more decimal places appear,
as shown below.
<blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA2-2.png"></blockquote>
<h3>Testing 20 Candidates</h3>
So one of the prime factors must be a prime number
less than 100711415. All we have to do is try dividing
n by odd numbers starting at 100711413 and going down until
we get an integer result. (We don't need to test 100711415 because
it's divisible by 5 and therefore not a prime number.)
<p>
A good way to do this is to calculate n mod c, where c is a candidate. If c is a factor of n, the result will be zero.
</p><p>
We can test the first 20 candidates with a for loop.
</p><p>
Execute these commands:
</p><blockquote><b><big><code><pre>c = 100711413
for i in range(c, c-40, -2):
    print i, n%i
</pre></code></big></b></blockquote>
Press Enter twice after the last command to terminate the loop.
<p>
The third candidate is the winner, with a remainder of zero,
as shown below.
</p><blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA2-3.png"></blockquote>
<h3>Calculating q</h3>
We now know p and we can calculate q.
<p>
Execute these commands:
</p><blockquote><b><big><code><pre>p = 100711409
q = n / p
print p, q, n, p*q, n - p*q
</pre></code></big></b></blockquote>
The calculation worked, so the last value is zero,
as shown below.
<blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA2-4.png"></blockquote>
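<p>
Added example, not part of the original project page: the same downward search written as a Python 3 function (the commands above are Python 2). It starts from <code>math.isqrt()</code>, which needs Python 3.8 or later and returns the exact integer square root, so the starting point stays correct for moduli too long for a float. The function names and the <code>max_steps</code> limit are assumptions made for this example.
</p>

```python
import math

# Meghan's modulus from the Problem Statement above.
N_MEGHAN = 10142789312725007


def float_sqrt_is_exact(n):
    """True when the float-based square root agrees with the exact integer root."""
    return int(math.sqrt(n)) == math.isqrt(n)


def factor_below_sqrt(n, max_steps=1000000):
    """Try odd candidates downward from floor(sqrt(n)).

    Returns (p, q, candidates_tested), or None if no factor is found
    within max_steps candidates. Assumes n is odd.
    """
    c = math.isqrt(n)            # exact for any size of n
    if c % 2 == 0:
        c -= 1                   # an even number cannot divide an odd n
    tested = 0
    while c >= 3 and max_steps > tested:
        tested += 1
        if n % c == 0:
            return c, n // c, tested
        c -= 2
    return None


if __name__ == "__main__":
    # Unlike the loop above, this scan also tests 100711415 first.
    print(factor_below_sqrt(N_MEGHAN))
    # Constructed value: a float cannot hold a root this long exactly.
    print(float_sqrt_is_exact((10**30 + 1) ** 2))
```

<p>
The number of candidates tested grows with the distance between the square root of n and the smaller prime, which is why the search only finishes quickly when p and q are small and close together.
</p>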
<h2>2. Compute phin = (p-1) * (q-1)</h2>
Execute these commands:
<blockquote><b><big><code><pre>phin = (p-1) * (q-1)
print p, q, n, phin
</pre></code></big></b></blockquote>
The parameters print out, as shown below.
<blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA2-6.png"></blockquote>
<h2>3. Compute Private Key d</h2>
We need to find a <b>d</b> with this
property:
<blockquote>
<b> (d * e) mod phin = 1 </b>
</blockquote>
We know that e = 5 from the Problem Statement.
<p>
It's not obvious how to find d, but
<a href="https://stackoverflow.com/questions/4798654/modular-multiplicative-inverse-function-in-python">there's
a simple way to do it in Python</a>, using the
"gmpy&gt; library.
</p><p>
Open a <b>new Terminal window</b>, not the one
running Python, and execute these commands to
download and install a few dependencies and gmpy:
</p><blockquote><b><big><code><pre>brew install gmp mpfr mpc
pip install gmpy
</pre></code></big></b></blockquote>
<p>
In the Terminal window running python,
execute these commands.
</p><blockquote><b><big><code><pre>e = 5
import gmpy
d = gmpy.invert(e, phin)
print d, e, d*e %phin
</pre></code></big></b></blockquote>
We get the value of d, and, to verify it,
we see that d*e %phin is indeed 1,
as shown below.
<blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA2-7.png"></blockquote>
<h2>4. Encrypting a Message</h2>
<h3>Encoding the Message as a Number</h3>
Cueball wants to send Meghan this message:
<blockquote><b><big><code><pre>Hi!
</pre></code></big></b></blockquote>
We can only send numbers.
Let's convert that message to three bytes of ASCII
and then interpret it as a 24-bit binary value.
<p>
In the Terminal window running python,
execute these commands.
</p><blockquote><b><big><code><pre>x1 = ord('H')
x2 = ord('i')
x3 = ord('!')
x = x1*256*256 + x2*256 + x3
print x
</pre></code></big></b></blockquote>
We get the value of x,
as shown below.
<blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA2-8.png"></blockquote>
<h3>Encrypting the Message with the Public Key</h3>
A public key contains two numbers: <b>n</b>
and <b>e</b>. To encrypt a message <i>x</i>,
use this formula:
<blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA1-11.png"></blockquote>
<p>
Execute these commands:
</p><blockquote><b><big><code><pre>y = x ** e % n
print y
</pre></code></big></b></blockquote>
The encrypted message appears,
as shown below.
<blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA2-9.png"></blockquote>
<h2>5. Decrypting a Message</h2>
To decrypt a message, use this formula:
<blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA1-13.png"></blockquote>
Execute these commands:
<blockquote><b><big><code><pre>xx = y ** d % n
print xx
</pre></code></big></b></blockquote>
Python crashes,
as shown below. It cannot handle such large numbers:
the ** operator tries to compute the whole of y to the power d
before the modulus is applied.
<blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA2-10.png"></blockquote>
To compute such a number, we must use the pow() function with three arguments, which reduces the result modulo n as it goes.
<p>
Execute these commands to restart python and restore
all the values we calculated previously:
</p><blockquote><b><big><code><pre>python
n = 10142789312725007
p = 100711409
q = 100711423
phin = (p-1) * (q-1)
e = 5
import gmpy
d = gmpy.invert(e, phin)
x1 = ord('H')
x2 = ord('i')
x3 = ord('!')
x = x1*256*256 + x2*256 + x3
y = x ** e % n
</pre></code></big></b></blockquote>
Your screen should look like the image
below.
<blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA2-11.png"></blockquote>
Let's try that decryption again with the pow()
function. Execute these commands:
<blockquote><b><big><code><pre>xx = pow(y, d, n)
print xx
</pre></code></big></b></blockquote>
Now it works, showing our original message in
numerical form.
<blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA2-12.png"></blockquote>
<h3>Converting the Message to Readable Text</h3>
To convert that number back to letters,
execute these commands:
<blockquote><b><big><code><pre>xx1 = xx / (256*256)
xx2 = (xx - 256*256*xx1) / 256
xx3 = xx - 256*256*xx1 - 256*xx2
msg = chr(xx1) + chr(xx2) + chr(xx3)
print xx1, xx2, xx3, msg
</pre></code></big></b></blockquote>
Now it works, showing the original message in
readable form, as shown below.
<blockquote><img src="./Proj RSA2_ Cracking a Short RSA Key (15 pts.)_files/pRSA2-13.png"></blockquote>
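<p>
Added example, not part of the original project page: sections 3 to 5 in Python 3 with only the standard library. <code>mod_inverse()</code> is the extended Euclidean algorithm, standing in for <code>gmpy.invert()</code>, and <code>mod_exp()</code> is square-and-multiply, which shows why <code>pow(y, d, n)</code> finishes where <code>y ** d % n</code> does not. All function names are assumptions made for this example.
</p>

```python
# Values from the walkthrough above: the factors of Meghan's n and her e.
P, Q, E = 100711409, 100711423, 5
N = P * Q


def mod_inverse(a, m):
    """Extended Euclid: return d with (a * d) % m == 1."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r != 0:
        k = old_r // r
        old_r, r = r, old_r - k * r
        old_s, s = s, old_s - k * s
    if old_r != 1:
        raise ValueError("a and m share a factor, so no inverse exists")
    return old_s % m


def mod_exp(base, exp, mod):
    """Square-and-multiply; every intermediate value stays below mod squared."""
    result = 1
    base %= mod
    while exp > 0:
        if exp % 2 == 1:
            result = result * base % mod
        base = base * base % mod
        exp //= 2
    return result


def encode(text):
    """ASCII text to one big-endian integer, as in section 4."""
    return int.from_bytes(text.encode("ascii"), "big")


def decode(number):
    """Inverse of encode()."""
    size = (number.bit_length() + 7) // 8
    return number.to_bytes(size, "big").decode("ascii")


def round_trip(text):
    """Return (d, x, y, recovered_text) for one message."""
    d = mod_inverse(E, (P - 1) * (Q - 1))
    x = encode(text)
    if x >= N:
        raise ValueError("message number must be smaller than n")
    y = mod_exp(x, E, N)
    return d, x, y, decode(mod_exp(y, d, N))
```

<p>
Calling <code>round_trip("Hi!")</code> returns the private exponent, the encoded message, the ciphertext and the recovered text in one tuple.
</p>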
<hr>
<h2>Challenge 2a: Encrypt "OBEY!"</h2>
Using the same system and keys, encrypt this message:
<blockquote><b><big><pre>OBEY!
</pre></big></b></blockquote>
<i>Hint 1: The message, converted to a number, is 12 digits long and ends in 41.</i>
<p>
<i>Hint 2: The encrypted message is 16 digits long and ends in 81.</i>
</p><p>
Use the form
below to put your name on the
<a href="http://ad.samsclass.info/python/RSAchal2a-winners.htm">
<b>WINNERS PAGE</b></a>.
</p><blockquote>
<form action="http://ad.samsclass.info/python/RSAchal2a.php" method="post">
<table cellpadding="5" border="10"><tbody><tr><td>
<table cellpadding="5">
<tbody><tr><td><big><b>Your Name (without spaces):</b></big></td>
<td><textarea name="u" rows="1" cols="25"></textarea></td></tr>
<tr><td><big><b>Encrypted message:</b></big></td>
<td><textarea name="p" rows="1" cols="30"></textarea></td></tr>
<tr><td colspan="2" align="center"><big><b>
<input type="submit" value="SUBMIT"></b></big></td></tr>
</tbody></table>
</td></tr></tbody></table>
</form>
</blockquote>
<hr>
<h2>Challenge 2b: Message to Cueball</h2>
Cueball's public key is:
<blockquote><b><big><pre>(111036975342601848755221, 13)
</pre></big></b></blockquote>
Meghan sends this message to Cueball. Decrypt it.
<blockquote><b><big><pre>80564890594461648564443
</pre></big></b></blockquote>
Use the form
below to put your name on the
<a href="http://ad.samsclass.info/python/RSAchal2b-winners.htm">
<b>WINNERS PAGE</b></a>.
<blockquote>
<form action="http://ad.samsclass.info/python/RSAchal2b.php" method="post">
<table cellpadding="5" border="10"><tbody><tr><td>
<table cellpadding="5">
<tbody><tr><td><big><b>Your Name (without spaces):</b></big></td>
<td><textarea name="u" rows="1" cols="25"></textarea></td></tr>
<tr><td><big><b>Cleartext Message:</b></big></td>
<td><textarea name="p" rows="1" cols="25"></textarea></td></tr>
<tr><td colspan="2" align="center"><big><b>
<input type="submit" value="SUBMIT"></b></big></td></tr>
</tbody></table>
</td></tr></tbody></table>
</form>
</blockquote>
<hr>
<h2>Challenge 3: Message to Rob</h2>
Rob's public key is:
<blockquote><b><big><pre>(1234592592962967901296297037045679133590224789902207663928489902170626521926687, 5557)
</pre></big></b></blockquote>
Meghan sends this message to Rob. Decrypt it.
<blockquote><b><big><pre>272495530567010327943798078794037733865151017104532777645776936985235709526002
</pre></big></b></blockquote>
<i>Hint:
<a href="https://stackoverflow.com/questions/10725522/arbitrary-precision-of-square-roots">make square root calculations more precise</a>.</i>
<p>
Use the form
below to put your name on the
<a href="http://ad.samsclass.info/python/RSAchal2c-winners.htm">
<b>WINNERS PAGE</b></a>.
</p><blockquote>
<form action="http://ad.samsclass.info/python/RSAchal2c.php" method="post">
<table cellpadding="5" border="10"><tbody><tr><td>
<table cellpadding="5">
<tbody><tr><td><big><b>Your Name (without spaces):</b></big></td>
<td><textarea name="u" rows="1" cols="25"></textarea></td></tr>
<tr><td><big><b>Cleartext Message:</b></big></td>
<td><textarea name="p" rows="1" cols="25"></textarea></td></tr>
<tr><td colspan="2" align="center"><big><b>
<input type="submit" value="SUBMIT"></b></big></td></tr>
</tbody></table>
</td></tr></tbody></table>
</form>
</blockquote>
<hr>
<h2>Sources</h2>
<a href="https://stackoverflow.com/questions/4078902/cracking-short-rsa-keys">
Cracking short RSA keys</a>
<p>
<a href="http://www.numberempire.com/primenumbers.php">
Prime Numbers Generator and Checker</a>
</p><p>
<a href="https://stackoverflow.com/questions/10725522/arbitrary-precision-of-square-roots">Arbitrary precision of square roots</a>
</p><hr>
Posted 3-31-16 by Sam Bowne <br>
Winners pages added 8-6-16 <br>
Attack server name updated 4-4-17 <br>
</body></html>