Programming Assignment #1
CSE 452: Fall 2004
Due Date: 10/12/04
Instructions: This programming assignment is designed to develop your
Scheme programming skills and to illustrate how functional programming can be
used for security applications. In particular, the assignment will familiarize you
with the RSA key encryption system. The deliverables for this assignment
include a Scheme program called “rsa-yourlastname.scm” and an additional
file that is to be produced using word processing software like MS Word that will
contain information and answers to specific exercises. In addition, a “README”
file should be provided if there are any special instructions that are required to
run your Scheme program (i.e., other than using the “load” command in the
Scheme interpreter. All files are to be handed-in using the “handin” program by
midnight on the due date shown.
A partially completed skeleton program “rsa.scm” is provided for you as part of
this assignment. You will be asked to code four functions within this program
and to use the completed RSA implementation to perform various encryption,
decryption, and verification tasks.
RSA Background:
The RSA cryptography system was developed by Ronald Rivest, Adi Shmir, and
Leonard Adelman of MIT, based upon the work of Whitfield Diffie and Martin
Hellman of Stanford University. In general, the RSA system works by applying a
set of mathematical functions to convert blocks of characters into integers. RSA
is a “public-private” key system. Conceptually, an individual uses RSA to
generate a key pair containing a private key and a public key. The public key is
made widely available but the private key is kept securely by the user. When
someone wants to send an RSA encrypted message, they utilize the recipients
public key to encode. The recipient then uses his/her private key to decode the
message.
RSA also permits the use of “digital signatures” – a method of verifying the
identity of the person who sent you the encrypted message. In general,
encrypted messages are digitally signed by compressing the encrypted message
with a publicly disseminated hash compression function that reduces the
encrypted block of integers into a single number. This hashing produces an
unencrypted signature that is then encrypted using the sender’s private key to
form the encrypted signature for the message. To verify the signature, the
recipient compresses the encrypted message with the public hash function to
yield what the unencrypted signature should be if it were actually sent by the
person who is represented as the sender. The encrypted signature is then
decrypted using the purported sender’s public key and compared to the
unencrypted signature produced by the hashing of the encrypted message. If
the two match, the message has been verified. If it does not, then the person
who signed the message did not use the private key of the purported sender.
Figure 1 provides a schematic depicting the encryption, decryption, and
signature flow of control of the RSA cryptography system.
Unencrypted
Message
Encrypt w/
recipient’s
public key
Encrypted
Message
Compress
w/ hash
function
Unencrypted
Signature
Encrypt w/
sender’s
private key
Encrypted
Message
Decrypt w/
recipient’s
private key
Decrypted
Message
Compress
w/ hash
function
Decrypt w/
sender’s
public key
Unencrypted
Signature
Number that
should match
unencrypted
signature
Figure 1: Encryption and Digital Signature
From a mathematical perspective, the RSA encryption/decryption process may be
summarized as follows:
1.
Select two large prime numbers, p and q and compute:
n = pq
m = (p - 1)(q - 1)
2.
Select a number e where the gcd(e, m) = 1. Let the unencrypted
message be s, such that the encrypted message Ris calculated by:
R= (se) mod n
3.
To decrypt, another transformation is performed using the value of n
and another special number d to yield the unencrypted message s’ as
follows:
s’ = (Rd) mod n
where the value of d has the property s = s’ for every message s,
such that
s = (se)d mod n
it can be shown that the value of d has the property:
de = 1 mod m
4.
Thus, the private key consists of the value pair (n, d) and the public
key consists of the value pair (n, e).
There are many on-line references that go into more of the details of RSA
encryption. A few of these are provided below.
http://www.rsasecurity.com/rsalabs/ - Information from the creators of RSA.
http://pajhome.org.uk/crypt/ - An overview of the RSA encryption algorithm and
mathematics.
http://www.princeton.edu/~matalive/VirtualClassroom/v0.1/html/lab1/lab1_8.html -
Another tutorial on RSA with some demonstration applets.
Quick-Start Guide to Scheme:
The Gnu Scheme interpreter is loaded on the CSE Linux machine “adriatic.” In
order to run the interpreter, use secure shell (SSH) to login to
“adriatic.cse.msu.edu” busing your CSE username and password.
At the command prompt, simply type “scheme” and the interpreter will start.
The Scheme interpreter has its own series of prompts on which code may be
executed directly or through which external files of Scheme code may be loaded.
To load your RSA implementation, simply use (load “rsa.scm”) at the command
prompt (include the parenthesis) from the directory where your file is stored.
Once the file is loaded into the interpreter you may run any of the RSA functions
contained within that file from the interpreter prompt. For example, to encrypt a
message you might use:
(define newmsg (RSA-encrypt “Hello world.” some-public-key))
where: newmsg = variable name corresponding to the encrypted msg.
RSA-encrypt = function name that encrypts a message.
“Hello world” = first argument to the function RSA-encrypt.
some-public-key = previously defined public key for recipient and
second argument to the function RSA-encrypt.
To exit Scheme type (exit) at the interpreter prompt.
Programming Exercises:
1. A series of public and private keys have been provided for you in the file
“rsa.scm.” Start by loading the file into the Scheme interpreter and enter
the following commands:
(define test-public-key1 (key-pair-private test-key-pair1))
(define result1 (rsa-encrypt “This is a test message.” test-public-key1))
Entering result1 at the prompt should yield:
(209185193 793765302 124842465 169313344 117194397 237972864)
Unfortunately, this message cannot be decoded without the function
“RSA-unconvert-list” which is used by the function “RSA-decrypt.” Your
first task is to complete “RSA-unconvert-list.” Hint: this function is
very similar in form to the “RSA-convert-list” function.
Test your function using:
(define test-private-key1 (key-pair-private test-key-pair1))
(RSA-decrypt result1 test-private-key1)
You should get the original message with some trailing spaces. A second
key pair is provided for you as well. You should define these at the
prompt as follows:
(define test-public-key2 (key-pair-public test-key-pair2))
(define test-private-key2 (key-pair-private test-key-pair2))
Now try your hand at encrypting and decrypting some messages. Turn-in
2 additional examples (make sure you specify which keys you used).
2. Now complete the procedure “encrypt-and-sign” that takes a message
to be encrypted and signed, the sender’s private key, and the recipient’s
public key, and produces a signed message that consists of two parts: the
encrypted message and the digital signature. Functions are already
provided in the skeleton program “rsa.scm” that you may find useful for
accomplishing the objectives of the procedure “encrypt-and-sign.”
To test out your function try:
(define result2 (encrypt-and-sign “Test message from user 1 to user 2”
test-private-key1 test-public-key2))
You should get an encrypted, signed message whose message part is:
(499609777 242153055 12244841 376031918 242988502 31156692
221535122 463709109 468341391)
and whose signature is 15378444.
Now encrypt-and-sign the message “I can encrypt and sign” using testprivate-key2 (sender’s key) and test-public-key1 (recipient’s key) as
defined above and hand in the resulting message and signature part.
3. Your next task is to complete the procedure “authenticate-anddecrypt” which inverses the procedure “encrypt-and-sign” to produce an
unencrypted message if the signature is authentic, and conversely,
indicates that the message is not authentic if the signature does not
validate. As a test try to authenticate and decrypt “result2” from the
above exercise:
(authenticate-and-decrypt result2 test-public-key1 test-private-key2)
Dr. Cheng has received a message that purportedly was sent to her by Dr.
Punch. The message is defined in “rsa.scm” as “mystery-coursemessage” with the signature defined as “received-cheng-signature.”
You have been provided with a copy of Dr. Cheng’s private key and your
task is to decrypt the message and authenticate whether or not it came
from Dr. Punch. Turn-in the decrypted message and indicate whether or
not it was actually signed by Dr. Punch.
Next, Presidential candidate John Kerry has received a message define in
“rsa.scm” as “received-mystery-message” with a signature
“received-mystery-signature.” Decrypt this message using John
Kerry’s private key (provided) and figure out who sent it. Turn in your
results.
4. For your last exercise, complete the function “solve-ax+by=1” which
takes two integer arguments “a” and “b” whose GCD is assumed to be 1
and returns a pair of integers “x” and “y”. This procedure solves
equations of the form ax+by = 1 and is used to generate RSA key pairs.
Hint: you will find that the use of recursion is useful for completing this
procedure; let a=bq+r and solve bx+ry=1 recursively.
To demonstrate that your function works correctly, find the integers x and
y that satisfy the equation:
233987973x + 41111687y = 1
and hand-in your results.
In addition, use the procedure “generate-rsa-key-pair” to generate a
key pair for yourself. Hand-in this key pair and show that it can be used
to encrypt and decrypt messages.