The goal of this homework is to give you a deeper understanding of RSA encryption and
decryption, its underlying principles and standard representation.
Before starting this assignment, make sure that you understand the relationship between the
modulus and the block size for RSA cipher and how RSA is made practically possible by the fact
that modular exponentiation possesses a fast implementation. Also, before starting to write your
own code for RSA, play with the script PrimeGenerator.py that is discussed in Lecture 12. You
can download the script from the lecture notes web site.
Part 1: RSA Encryption and Decryption
Write a Python/Perl script to implement a 256-bit RSA algorithm for encryption and decryp
tion. You can use the text in the Homework 6 section of the website. Your data block from the
text will be of 128-bits. For the reasons explained in Section 4 of Lecture 12 (12.4), prepend it
with 128 zeroes on the left to make it a 256-bit block. For this assignment, if the overall plaintext
length is not a multiple of 128 bits, pad an appropriate number of zero bits from the right so that
it becomes a multiple of 128 bits (Also do not forget to pad again to make it a 256-bit block as
mentioned previously). This way of creating blocks is a little tricky so make sure you understand
it or you will have issues when trying to get the correct encryption result.
Regarding key generation, remember the following points:
1. The priority in RSA is to select a particular value of e and choose p and q accordingly. For
this assignment, use e = 65537.
2. Use the PrimeGenerator.py script mentioned above (you can import it to your script) to
generate values of p and q. Both p and q must satisfy the following conditions:
(a) The two leftmost bits of both p and q must be set.
(b) p and q should not be equal.
(c) (p−1) and (q −1) should be co-prime to e. Hence, gcd(p−1, e) and gcd(q −1, e) should
be 1. Use Euclid’s algorithm to compute the gcd.
If any of the above condition is not satisfied, repeat Step 2.
3. Compute d. You may use the multiplicative inverse function from Python’s BitVector class.
4. To compute the modular exponentiation for decryption, use the Chinese Remainder Theorem
(CRT). Implementation details are in Section 12.5 of the lecture notes.
5. After decryption, remove the padded 128 zeroes from each block to make the plaintext
printable in ASCII form.
Your script for should have the following command-line syntax:
python rsa.py -g p.txt q.txt
python rsa.py -e message.txt p.txt q.txt encrypted.txt
python rsa.py -d encrypted.txt p.txt q.txt decrypted.txt
An explanation of this syntax is as follows:
• For key generation (indicated with -g):
– The generated values of p and q will be written to p.txt and q.txt, respectively. The
.txt files should contain the number as an integer represented in ASCII. So, for example,
if p = 7, the corresponding text file will display 7 when opened in a text editor (example
files can be found in the Homework section of the course webpage).
• For encryption (indicate with -e)
– Read the input text from a file called message.txt (or whatever the name of the
command-line argument after -e is) and use the p and q values found in the command
line arguments p.txt and q.txt for encryption.
– The encrypted output should be saved in hexstring format to a file with the name of
the final argument, in this case a file called encrypted.txt.
• For decryption(indicated with the -d argument):
– The input ciphertext file (in hexstring format) is specified with argument after -d, in
this case encrypted.txt. As with encryption, use the p and q values found in the
command-line arguments p.txt and q.txt to decrypt the ciphertext.
– The decrypted output should be saved to a file with the name specified by the last
argument, in this case decrypted.txt.
Remember to parse the command-line arguments for your program using the calling conventions
described above. Please do not hard-code the file names into your program.
Part 2: Breaking RSA Encryption for small values of e
Section 12.3.2 in Lecture 12 describes a method for breaking RSA encryption for small values of
e, like 3. In this scenario, a sender A sends the same message M to 3 different receivers using
their respective public keys. All of the public keys have the same value of e, but different values
of n. An attacker can intercept the three cipher texts and use the Chinese Remainder Theorem
to calculate the value of M3 mod N, where N is the product of the values of n. The attacker can
then solve the cube-root to get the plaintext message M. Write a script that does the following:
1. Generates three sets of public and private keys with e = 3
2. Encrypts the given plaintext with each of the three public keys
3. Takes the three encrypted files and the public keys, and outputs the decrypted file as
cracked.txt. Because Python’s pow() function will not provide enough precision to solve
the cube-root, we have provided code on the course website (in the homework section) that
should have the necessary precision. You will need to install the numpy library to use this
本网站支持 Alipay WeChatPay PayPal等支付方式
E-mail: email@example.com 微信号:vipnxx