E N D
1. Growing Up with Alice and Bob:Three Decades with the RSA Cryptosystem Burt Kaliski, RSA SecurityApril 7, 2006
2. The Vision, c. 1976 Secure communications for everyone, including Alice and Bob:
Confidentiality, integrity, non-repudiation
3. The Challenge Alice and Bob dont have an easy way to set up encryption keys
k2 problem for pairwise keys
Trusted third parties not always mutual
4. The Technology: Public-Key Cryptography Diffie and Hellman 1976
What if encryption, decryption keys were different?
Publish one, keep other secret
Alice and Bob can set up keys just by reading a public directory!
Diffie-Hellman key agreement achieved most of the goals
RSA 1977 has the rest including digital signatures
Contemporaneous work by Merkle, and in classified arena
5. RSA Public-Key Cryptosystem Rivest, Shamir, Adleman 1977
Public key = (n, e)
n: modulus, product of two (or more) large random primes p, q
e: public exponent, typically 3, or 65537
Private key = (n, d)
d: private exponent, such that e*d ? 1 mod (p-1)(q-1)
Key observation: Computing private key requires factors of n, and factoring is a hard problem
6. RSA Public-Key Cryptosystem (contd) Encryption:
c = me mod n
Decryption:
m = cd mod n
Signature:
s = md mod n
Verification:
m =? se mod n
7. The Vision, contd Secure communications for everyone, including Alice and Bob, via public-key cryptography:
8. The Vision, contd Secure communications for everyone, including Alice and Bob, via public-key cryptography:
9. Other Characters in Cryptography
Alice and Bob are joined by several other characters in research papers and books (e.g., Schneiers Applied Cryptography)
10. Lessons Learned along the Road to Commercialization RSA algorithm invented in 1977
Today, the algorithm is in widely implemented
How did we get here? 10 lessons learned along the way.
11. #1: Validation
Publication, peer review
RSA Factoring Challenge
RSA Laboratories
Cryptographic technologies can take years to validate
12. #2: Partnership
IETF Privacy & Security Research Group
Lotus Notes®
Apple, IBM, Microsoft, Motorola, Novell, Sun, Xerox,
13. #3: Product
Patent license?
Hardware circuit?
Software application?
? Software development toolkit
14. #4: Marketing
RSA Conference
Frequently Asked Questions about Todays Cryptography
RSA Laboratories Seminar Series
15. #5: Companion Technologies
Hash functions
Public-key infrastructure
depends on Internet
Desktop computing
depends on Moores Law
16. RSA Signature Times, over Time(Illustrative)
17. #6: Standards
Public-Key Cryptography Standards
PKCS #1: RSA Encryption & Signatures
PKCS #7: Cryptographic Message Syntax
PKCS #11: Cryptographic Token Interface
IETF PKIX, S/MIME
18. #7: Competition
Diffie-Hellman algorithm (Cylink)
Digital Signature Standard (NIST & NSA)
Elliptic Curve Cryptography (Certicom)
19. #8: Application
Secure e-mail?
Signed documents?
? Encrypted Web transactions: Netscape SSL
only server has a public key, at least initially
20. The Vision, Revised Secure communications for everyone via public-key cryptography, server-side first:
21. The Vision, Revised Secure communications for everyone via public-key cryptography, server-side first:
22. #9: Patience
RC2 and RC4: Exportable ciphers
Actually, the vision is being realized the original technology was just a catalyst that got things started
23. #10: People
R-S-A, especially Ron Rivest founders
Jim Bidzos CEO
Addison Fischer lead investor
Steve Dussé, Jeff Fassett, Ginny Kirkley, Kurt Stammberger, Jeff Thompson, Matt Robshaw, Yiqun Lisa Yin, Coni Garcia, Shari Oto and many more
24. Summary of Lessons Learned Validation
Partnership
Product
Marketing
Companion technologies Standards
Competition
Application
Patience
People
25. Timeline 1976: Diffie-Hellman invented
1977: RSA invented
1982: RSA Data Security founded
1983: RSA patent issues
1991: RSA Laboratories launched
1991: PKCS documents published
1991: 1st RSA Conference
1994: Netscape introduces SSL
1995: VeriSign spun out of RSA Data Security
1996: Security Dynamics acquires RSA Data Security
1999: Security Dynamics renamed RSA Security
2000: RSA patent expires
2006: 15th RSA Conference, 1200+ employees, ~50 countries
26. Questions?
27. Contact Information Burt KaliskiChief Scientist, RSA LaboratoriesVice President of Research, RSA Securitybkaliski@rsasecurity.comhttp://www.rsasecurity.com/rsalabs