The world runs on communication. Everyone needs to send and receive information. Unfortunately, digitalization and easy internet access have necessitated the need to send private communications since not everyone online is trustworthy.
Humankind has always found ways to send hidden messages that only the intended recipient could interpret. This form of communication is called cryptography, referring to the ability to encrypt information requiring specific cyphers or methods to decode.
Encryption is critical to a functional and secure digital society. It prevents the easy access of personal and sensitive information by malicious actors with an internet connection. It’s also a significant concern given the average total cost for data breaches of 50 million to 60 million records reached $387 million in 2022.
RSA encryption is one such cryptosystem for private message decryption that uses a public-key algorithm. To better understand what it is, let’s answer the question, “what is data encryption and the public-key encryption algorithm?”
Data Encryption Explained
Data encryption or encipherment involves disguising information as ciphertext. The ciphertext is unintelligible to unauthorized persons. Conversely, decipherment or decryption involves converting ciphertext back into the original format. Manual encryption dates back to the Roman Empire. However, today encryption is a basic process of cryptology and is synonymous with disguising information via electronic methods.
Computers apply an algorithm to encrypt data. An algorithm is a set of instructions or procedures for performing specific tasks on data blocks. A key is a personal encryption name that only the user or transmitter of the message and the intended receiver know.
Today, two primary types of encryption exist:
- Symmetric encryption uses the same key to encrypt and decrypt data, such as Advanced Encryption Standard (AES)
- Asymmetric encryption is also called public-key cryptography because it requires a pair of keys, a public one for encryption and a private one for decryption. The Rivest Shamir Adleman algorithm is a common example.
RSA works because randomly selected encryption keys of sufficient length are almost impregnable.
Public Key Encryption Algorithm
It’s also called the asymmetric algorithm where the sender and receiver use different keys to encrypt and decrypt data. The asymmetric algorithm assigns each sender a pair of keys:
- A public key for encryption
- A private key to decrypt data
Although the two keys are linked, it’s impossible to derive the private key from the public one or decrypt data using a public key. As its name suggests, the public key is well known but private keys are secret and available only to users who own them. In short, everybody can send messages to the user using their public keys but only the intended recipient can decrypt the messages using their private key.
What Is RSA Encryption?
RSA is the most commonly used public-key algorithm. The initials RSA stand for Rivest Shamir Adleman after the mathematician and two computer scientists who first publicly described the algorithm in 1977.
Many protocols such as Secure Shell (SSH), SSL-TLS, S/MIME, and OpenPGP rely on RSA encryption and secure digital signature functions.
The RSA encryption system solves what was once a significant problem in cryptography: how to send a coded message to someone without previously sharing the code with them.
Let’s say you wish to tell someone a secret. If they are right next to you, you can whisper it. However, if they are miles away from you, you cannot. You’d need to use the phone or write it down and mail it. Unfortunately, these communication channels are insecure and anybody with enough motivation can eavesdrop or intercept the message.
One solution to prevent eavesdropping is to encrypt the message. It means adding a code to it that changes it into a jumbled mess. If you use a sufficiently complex code, only those with access to the code can access the original message. Otherwise, it’ll remain unreadable.
If you shared the code with your friend beforehand, you can send encrypted messages anytime because only you two have the code to read the original content.
But what if you did not share the code beforehand? How do you communicate securely? This is a fundamental problem that cryptography addresses using public-key encryption schemes or asymmetric encryption such as RSA.
RSA encryption allows users to encrypt messages with a code called a public key that they can share openly. Due to the specific RSA algorithm’s mathematic properties, once a user encrypts a message with a public key, only a private key can decrypt it. Users have a pair of public and private keys and the latter are kept secret.
Public key encryption systems differ from symmetric-key encryptions which use the same key for encryption and decryption. Therefore, RSA is useful for communicating in cases where users have not safely distributed keys beforehand.
The Use of RSA Encryption
RSA encryption is not suitable for encrypting entire files or messages because it’s more resource-heavy and less efficient than symmetric-key encryption. Therefore, its general practice to use RSA encryption together with other encryption systems or for encrypting digital signatures to prove the integrity and authenticity of messages.
Digital signatures help authenticate and verify files and documents. They prevent tampering during the transmission of official and other sensitive documents and prevent forgery or manipulation. However, digital signatures use private keys for encryption and public keys for decryption to authenticate the origin of the signature.
Users will generally encrypt a file with an asymmetric-key algorithm and use RSA encryption to encrypt the symmetric key. Thus, only an RSA private key can decrypt the symmetric key used and without it, it’s not possible to decrypt the message.
Today, different systems use RSA encryption including OpenSSL, cryptlib, wolfCrypt, and other cryptographic libraries. RSA is also widely used in web browsers, email chats, VPNs, and other communication channels.
Additionally, RSA ensures secure connections between VPN servers and clients. Under protocols like OpenVPN, users can use the RSA algorithm for TLS handshakes to exchange keys and set up secure communication channels.
How RSA Encryption Works
The math supporting RSA encryption is quite complicated to explain in detail. There are several concepts to discuss before diving into the RSA algorithm in cryptography. These include:
- Trap-door functions
- Generating prime numbers
- Carmichael’s totient function
- Generating the public and private keys
Trap-Door Functions
Equations that are simple to compute in one direction and incredibly hard in reverse are called trap-door functions. The underlying premise of RSA cryptography is that the algorithm is relatively easy to compute in one direction and almost impossible in reverse. For example, if you were given 543,111 as a product of two prime numbers, could you figure out the two primes?
Even with a calculator, it’s difficult to know where to start, but flipping things around makes things much easier because:
- 807*673 = 543,111
Still, given543,111 and one prime number, it’s easy to figure out the other as follows:
- 543,111/807 = 673
RSA encryption uses significantly larger numbers. For example, in 2048-bit RSA, the keys would be 617 digits long.
The trap-door functions are the basis for how private and public-key encryption schemes work. Their properties allow the sharing of public keys without revealing the private key or endangering the message.
Generating Prime Numbers
Generating the keys is the first step of encrypting data and the process uses two prime numbers (p and q) selected with a primality test. These are algorithms that efficiently find prime numbers for encryption, such as the Ranbin-Miller primality test. The prime numbers must be large and relatively far apart to make it harder to crack the keys.
Generating the Public and Private Keys
RSA public keys are prime numbers and modulus n. Modulus (mod) is a modulo operation that means the remainder left over after dividing one side or number by the other, such as:
- 10 mod 3 = 1 (3 goes into 10 three time with a remainder of 1)
The following is the formula for generating the public key:
- C = me mod n
After doing all the mathematics and applying the public key (C=me mod n), the final encrypted data is the ciphertext (c).
Private keys are the only keys users can use to decipher ciphertext encrypted with a public key, and they must be of a similar key pair. Private keys are made of d and n and since we already know n, it’s easy to calculate d using the formula:
- d = 1/e mod λ(n)
The RSA algorithm example above shows that the mathematics involved in encryption is complicated and when done right, results in a secure solution.
Benefits of RSA Encryption
There are many advantages of using RSA encryption, including:
- Security: RSA cryptography has a secure algorithm that safeguards data transmission
- Public key cryptography: RSA uses a public key cryptography algorithm for security. It means it uses two different keys to encrypt and decrypt data.
- Key exchange: Since the RSA algorithm uses two keys for encryption and decryption, it’s possible to exchange secret keys without actually sending the private key over the network. It allows the encryption and safe transmission of data without sending decryption keys beforehand.
- Digital signatures: RSA algorithm is perfect for digital signatures because the sender can sign a document or message using a private key while the receiver verifies the signature using a public key.
Challenges of RSA Encryption
RSA faces some challenges that limit its use in some cases because of the capacity of attackers to exploit them. For example, it implements a long key in its encryption algorithm. AES algorithms are unbreakable but asymmetric ones like RSA rely on the size of their keys to make them difficult to crack.
Therefore, longer RSA keys are more secure and difficult to crack than shorter ones. For instance, researchers used prime factorization to crack a 768-bit RSA encryption key in two years.
It took significant resources, but the fact that it’s possible should always factor in conversations about the safety of the RSA cryptosystem. While individuals might not have the capacity to crack such encryptions, governments can do it because they have more resources at their disposal.
NIST recommends a 2048-bit minimum key length, but organizations are turning to 4096-bit key lengths for increased security.
Other RSA disadvantages include:
- Slow processing speed: The RSA algorithm has a slow processing speed compared to other encryption algorithms when dealing with large data amounts. It is not always suitable for applications like those requiring regular encryption and decryption of large data amounts
- Large key size: RSA cryptography requires the use of large key sizes for security. Therefore, it requires more computational power, resource, and storage.
- Vulnerability to side-channel attacks: The algorithm is vulnerable where an attacker uses information leaked through side channels to extract private key information. These channels include power consumption, timing analysis, and electromagnetic radiation.
- Weak key generation: For example, if the two prime numbers selected are too close or if one of the numbers making up one of the key pairs is too small, the algorithm becomes easier to solve.
How Safe Is the RSA Encryption?
Despite the vulnerabilities mentioned, RSA is currently relatively safe to use provided users implement it correctly and use long, hard-to-crack keys. Implementations that fail to use adequately sized prime numbers, or that have other vulnerabilities are not safe.
As long as users remain conscious of the weaknesses and potential vulnerabilities of the RSA encryption algorithm, they can safely use it for key sharing and other tasks like digital signatures requiring public key encryption.
Will future technology like quantum computing affect the RSA algorithm in cryptography?
RSA encryption online is safe at the moment, but the advent of quantum computing could pose challenges in the future. Quantum computers can easily solve certain problems that we currently consider extremely difficult. Since this difficulty is what makes cryptographic systems secure, it’s safe to say that the current size RSA keys will become more vulnerable.
Quantum computers will easily solve the integer factorization problem. However, this future is still far off because quantum computers are still under development and mostly used in research settings. Cybersecurity industry players are also constantly looking to improve public-key algorithms to ensure their security in a post-quantum world.
Optimal Asymmetric Encryption Padding (OAEP) is now the primary standard padding for RSA public key encryption. Padding allows the formatting of messages before their encryption to attain higher security levels, ruling out basic attacks.
Conclusion
Veritas Technologies is a U.S.-based international data management company. We work to solve your data management challenges and help secure sensitive data from dangers like cyberattacks, human error, or natural catastrophes.
Veritas helps organizations of all sizes overcome the complexities of protecting and managing their business-critical data. Our integrated product portfolio provides a unified data services and management experience and delivers unmatched edge-to-cloud performance and versatility.
We offer other state-of-the-art solutions, such as Veritas Backup Exec for small enterprises and Veritas InfoScale for data storage and disaster recovery. Our solutions make it easier to adhere to major data privacy laws like HIPAA, GDPR, and CCPA.
Veritas customers include 95% of the Fortune 100, andNetBackup™is the #1 choice for enterprises looking to protectlarge amounts of data.
Learn how Veritaskeeps your data fully protectedacross virtual, physical,cloudand legacy workloads withData Protection Services for Enterprise Businesses.
