SAI Computing Conference 2016
July 13-15, 2016 | London, UK

A-RSA: Augmented RSA

Abdallah Karakra and Ahmad Alsadeh
Faculty of Engineering and Technology, Birzeit University
P.O. Box 14, Birzeit, Palestine
Email: {akarakra,asadeh}@birzeit.edu

Abstract—Today, the RSA algorithm is the most widely used public-key cryptosystem around the world. It is used for security in everything from online shopping to cell phones. However, basic RSA is not semantically secure, i.e., encrypting the same message more than once always gives the same ciphertext. For this reason, basic RSA is vulnerable to a set of indirect attacks, such as known-plaintext, chosen-plaintext, timing, common modulus, and frequency of blocks (FOB) attacks. Moreover, RSA is known to be much slower than standard symmetric-key encryption, and it is not used for encrypting large data. In this paper, we design and implement a swift and secure variant of RSA based on Rabin and Huffman coding, called Augmented RSA (A-RSA), to solve the aforementioned limitations of basic RSA. A new randomization component r is added in A-RSA. This component is encrypted by the Rabin algorithm to improve the security level of RSA against the indirect attacks and to make RSA semantically secure. Moreover, A-RSA makes the factorization problem harder, since the attackers need to break the factorization of large numbers for both RSA and Rabin. Besides, employing Huffman coding compression in A-RSA prevents the FOB attack and speeds up the execution time of A-RSA. Our testing results over a set of files of sizes 1 MB, 2 MB, 3 MB, up to 10 MB show that A-RSA's average execution time is equal to 0.55 of the average execution time of basic RSA in the encryption process and 0.01 in the decryption process. Also, we found that the RSA system increases the size of the ciphertext by 1% compared to the original file size, while the average size of A-RSA files is equal to 0.46 of the original sizes.
Keywords—Public-key Cryptosystems; RSA; Rabin; Huffman Coding; Semantically Secure; RSA Attacks.

I. INTRODUCTION

RSA was developed by Rivest, Shamir and Adleman in 1978 [1]. RSA uses two keys, private and public, where the private-key is kept secret and the public-key is published. One key can be used for encryption and the other is used for decryption. RSA security is based on the hardness of factoring large integers that are the product of two primes. To date, factoring such integers has been considered a hard problem, thus RSA is secure. Currently, an RSA modulus should be 1024 bits long or greater to be considered secure. RSA is the most widely used cryptosystem around the world [2], [3]. It is used in digital signatures, key exchange and data encryption. Many security protocols depend on RSA, such as the Transport Layer Security (TLS) protocol, which is used in Internet-based e-commerce [4]. In addition, it is used for protecting emails and web traffic, and for securing some wireless devices and network resources [5]. Therefore, any leak in RSA security will lead to security breaches in the Internet applications that rely on RSA and make them vulnerable to attacks.

In fact, RSA has some limitations and downsides. The use of RSA for encrypting large-scale data is a challenging issue, owing to the computationally intensive nature of RSA arithmetic operations. Diffie states that “the restriction of public-key cryptography to key management and signature applications is almost universally accepted” [6]. Since RSA is not practical and takes a long time for encrypting and decrypting large data [7], RSA usage is limited to authentication, or to exchanging keys between two parties, who then use another symmetric key for encrypting the entire data. In addition, basic RSA is not semantically secure [8], which makes the algorithm vulnerable to some types of indirect attacks, such as the known-plaintext attack (NPA), chosen-plaintext attack (CPA), timing attack (TA), frequency of blocks (FOB) attack, and common modulus attack (CMA). Moreover, encrypting data using RSA generates ciphertext larger than the original plaintext.

Different implementation and optimization methods have been suggested to enhance the execution time of the RSA algorithm [5], [9], [10]. Some other approaches have been proposed to make RSA semantically secure, such as blinding the message during the encryption process [11]. In this paper, we suggest an enhanced variant of RSA called Augmented RSA (A-RSA). A-RSA is designed and implemented in a way that boosts three sensitive factors of RSA: encryption and decryption execution time, space, and security. We summarize our main contributions as follows:

1) Augment the RSA cryptosystem to make it more secure against CMA, NPA, CPA, and TA, by adding a randomized component r to basic RSA and encrypting this component by another public-key cryptosystem called Rabin. This makes RSA semantically secure against these attacks by generating different ciphertexts for the same message. Also, this makes RSA stronger against brute-force attack, since the attackers need to break the factorization of large numbers for both RSA and Rabin. Consequently, the attackers will require a longer time than before.
2) Thwart the FOB attack by using Huffman coding. Huffman coding compresses data in a way that reduces the redundancy in the message, which helps to prevent this attack.
3) Enhance the execution time compared with basic RSA by using Huffman coding, and also by encrypting part of the message while blinding the other part of the same message using the XOR operator (⊕), since the ⊕ operator is always faster than multiplication, division and addition. Our experimental results show that A-RSA is faster than basic RSA by about 45% in the encryption process and around 99% in the decryption process.
4) Reduce the sizes of large data by using Huffman coding, which makes it feasible to use A-RSA for encrypting large files. A-RSA reduces the size of the encrypted file by 54% from the original sizes. This reduction depends on the number of occurrences of the symbols inside the file. In contrast, the RSA system increases the size of the ciphertext by approximately 1% compared to the original file size.

This paper is organized as follows: Section II presents the important definitions and concepts of encryption methods that are related to the remaining sections in this paper. Also, we discuss the most important public-key cryptosystems. Section III discusses some indirect attacks against the RSA cryptosystem and their countermeasures. Section IV presents our approach to enhancing RSA, called the A-RSA cryptosystem. Section V presents a security analysis of A-RSA. Section VI compares the performance of A-RSA with basic RSA. Finally, the conclusion is given in Section VII.

II. BACKGROUND

A powerful technique for protecting data is the use of cryptography. Cryptography is the science or the art of protecting data [12]. It enables us to store or to transmit sensitive data over insecure channels. The data is scrambled (encrypted) to be unreadable to anyone other than the intended persons. Converting the encrypted data back into its original form is called decryption. Cryptographic techniques can be classified into two groups based on the number of keys used in the encryption and decryption processes: symmetric (also known as shared, conventional, secret-key, or single-key) encryption and asymmetric (public-key) encryption. Each of these techniques has its own characteristics and is used in a different way based on the need.

A. Symmetric Key Encryption

In symmetric key encryption, the sender and receiver share the same secret key (K) for the encryption and decryption processes. For example, when Alice wants to send Bob a message M, she encrypts M using K to produce the ciphertext $C = E(M, K)$, where E is the encryption function, and sends C to Bob. He in turn decrypts the ciphertext as $M = D(C, K)$, where D is the decryption function, by using the same K to recover the original message M.

The security of the symmetric encryption process depends on several factors. First, it requires building a strong encryption algorithm known to everyone, which no one can break to figure out the secret key or to decipher the ciphertext to find the plaintext [13]. Second, the key must be long enough to avoid the possibility of finding the key through brute-force search. If the key becomes known to the adversary in any way, then the entire encryption process is broken. Therefore, the key must be kept secret between the two authorized communicating parties (sender and receiver).

However, sharing or exchanging the same key between the two communicating parties is not a trivial task. The communicating parties may exchange the key physically. That is, Alice chooses the key and physically delivers it to Bob. However, if there is a far distance between them, exchanging keys physically is not a good solution, given the minutes, hours or days needed to exchange the key physically. If the two parties want to change the key more than once, one of them must travel to the other to deliver the new key. If there are more than two parties, such as three, four, or more, each of them in a different country, it is even more difficult to do that. Thus they may look for another approach to exchange the key. For example, the first time they exchange the key physically, and then they use the most recent key for encrypting the new one.
But if the attacker somehow succeeds in gaining access to one key, then all of the subsequent keys are compromised, and the ciphertext will be disclosed.

B. Public-Key Encryption

Public-key encryption was introduced in 1976 by Diffie and Hellman to solve the key distribution problem [14]. In public-key encryption, also called asymmetric encryption, one party has a secret key called the private-key and the other party has a public-key. The private-key must be kept secret, while the public-key is published, so there is no need for the sender and receiver to share secret information: all communications involve only public-keys, and no private-keys are ever transmitted or shared. When Alice wants to send Bob a message M, she uses Bob's public-key $KU_B$ for encrypting M such that $C = E(M, KU_B)$, while Bob uses his private-key $KR_B$ for decrypting the ciphertext C such that $M = D(C, KR_B)$ to recover the original message M. Therefore, there is no secret key exchanged between Alice and Bob.

Currently, there are many public-key algorithms, such as Diffie-Hellman [15], RSA [1], Rabin [16], ElGamal [17], Elliptic Curve Cryptography (ECC) [18], [19], and others. The Diffie-Hellman algorithm is used for exchanging a secret key between two parties securely; they then use the exchanged key to encrypt the subsequent messages using a symmetric key encryption algorithm [20]. The security of Diffie-Hellman depends on the difficulty of computing discrete logarithms [14]. However, the algorithm itself suffers from the man-in-the-middle attack, since it does not authenticate the communicating parties [21]. The ElGamal public-key system also depends on discrete logarithms modulo a large prime [17]. It is closely related to the Diffie-Hellman technique.
ElGamal is not a deterministic algorithm [22]: encrypting the same plaintext gives a different ciphertext. Unfortunately, the algorithm has a disadvantage related to the message size: the size of the ciphertext is twice the size of the original message [17]. RSA is the most widely accepted trusted public-key cryptosystem; its security depends on the hardness of factoring large integers [23], [24]. However, the main disadvantage of current RSA encryption schemes is the computational overhead. The Rabin encryption algorithm is a public-key algorithm whose security, similar to that of RSA, is based on the hardness of integer factorization. In [16], Michael Rabin proved that Rabin is more secure than RSA, since Rabin is as hard as integer factorization, which is not true for RSA. ECC is a public-key system that provides protection equal to that of RSA by using a smaller key size [25]. Since the algorithm is new, the confidence level in using it is not yet as high as that in RSA [13]. The critical disadvantage of ECC is a significant increase in the size of the encrypted message compared to RSA encryption [26].

In this paper, we focus on the RSA and Rabin algorithms since they are similar in some processes, such as encryption. Also, both algorithms depend on integer factorization. But this is a suggested approach; Rabin can be replaced by another public-key cryptosystem such as ECC.

To use the RSA cryptosystem, the sender and the receiver need to have their own key pairs. Bob generates the RSA key pair ($KU_B$, $KR_B$). He publishes his public-key while keeping the private-key secret. If Alice wishes to use RSA for encrypting a message M and sending it to Bob, she uses Bob's public-key ($KU_B$) for encrypting M. Once Bob receives the encrypted message C, he uses his private-key for decrypting C and retrieving M. Algorithm 1 summarizes the RSA cryptosystem steps.
Algorithm 1: Basic RSA Cryptosystem

Step 1: RSA public/private key pair generation at the receiver side
  1: Choose two distinct large prime integers p and q.
  2: Compute $N = pq$.
  3: Compute Euler's totient function $\varphi(N) = (p - 1)(q - 1)$.
  4: Choose an integer e (public exponent) such that $1 < e < \varphi(N)$ and $\gcd(e, \varphi(N)) = 1$.
  5: Find an integer d (private exponent) such that $ed \equiv 1 \pmod{\varphi(N)}$.
  6: Publish the public-key (N, e) and keep d, p, q, and $\varphi(N)$ secret.
Step 2: RSA encryption process at the sender side
  1: Encrypt M by computing $C = M^e \bmod N$, where $0 < M < N - 1$.
Step 3: RSA decryption process at the receiver side
  1: Decrypt C to get the original message $M = C^d \bmod N$.

The Rabin algorithm was developed by Michael Rabin in 1979. The security of the Rabin algorithm is based on the difficulty of factoring large integers. The Rabin algorithm is depicted in Algorithm 2. As Srivastava and Mathur state in [27], the main disadvantage of the Rabin algorithm is the extra complexity required in the decryption process for identifying the corresponding plaintext M from the four possible roots. That is, there are four possible output roots $M_i$, where i = 1, 2, 3, 4, generated by the decryption process. Thus, we need extra time to know which $M_i$ represents the original message M. To make it easier to distinguish the correct message from the four roots, we pad the message before encryption. After decryption, only one of the four possible messages will contain those special padding characters.

Algorithm 2: Rabin Cryptosystem

Step 1: Public/private key pair generation at the receiver side
  1: Choose two distinct large prime integers p and q of the form 4k + 3.
  2: Compute $n = pq$.
  3: Publish the public-key (n) and keep the private-key (p, q) secret.
Step 2: Rabin encryption process at the sender side
  1: Encrypt M by computing $C = M^2 \bmod n$, where $0 < M < n - 1$.
Step 3: Rabin decryption process at the receiver side
  1: Decrypt C by using the private-key (p, q) as follows:
     • Compute $R = C^{(p+1)/4} \bmod p$ and $S = C^{(q+1)/4} \bmod q$
     • Find a, b such that $ap + bq = 1$
     • Find $M_1 = (apS + bqR) \bmod n$, $M_2 = n - M_1$, $M_3 = (apS - bqR) \bmod n$ and $M_4 = n - M_3$
     • Choose which $M_i$ is the correct root (plaintext M), where i = 1, 2, 3, 4.

After introducing the RSA and Rabin cryptosystems, in the following section we present the indirect attacks against basic RSA.

III. RSA INDIRECT ATTACKS

The RSA encryption algorithm is secure as long as no one obtains anything other than the public-key; otherwise the algorithm is not secure. For example, (d, p, q, $\varphi(N)$) are the four important RSA parameters that form the RSA trap-door. If any one of these parameters is known, then RSA will be compromised completely [11].

There are different possible approaches to attacking the RSA cryptosystem. We can put them into two main categories: direct and indirect attacks. Direct attacks include mathematical and brute-force attacks. The mathematical attacks are represented by the effort to factorize the product of two large prime integers, which is widely believed to be a hard problem. In the brute-force attack, the attacker tries all possible combinations to find the private-key. The defense against the brute-force attack is to use a large key space. In indirect attacks, the attackers try to exploit weaknesses of the algorithm implementation, or depend on other information available to them, to mount their attacks.

Basic RSA is a deterministic algorithm, which means that a message always has the same encryption under the same key. This property enables attackers to successfully launch many kinds of indirect attacks, such as the common modulus attack, known-plaintext attack, chosen-plaintext attack and timing attack. This paper focuses on the following indirect attacks, which are important for the remainder of this paper. The paper does not cover chosen-ciphertext attacks (CCA) or the hardware fault-based attack [28].

A. Common Modulus Attack (CMA)

Suppose a message M is encrypted twice with the RSA cryptosystem using the same modulus $N = pq$ with different public-keys $(e_1, N)$ and $(e_2, N)$ such that $\gcd(e_1, e_2) = 1$. If the attacker knows $C_1 = M^{e_1} \bmod N$ and $C_2 = M^{e_2} \bmod N$, then she can recover the original message M [11], [29]. Knowing $e_1$ and $e_2$, find two integers a and b such that $a \times e_1 + b \times e_2 = 1$ using the Extended Euclidean Algorithm. Then compute $C_1^{a} C_2^{b} \equiv M^{a \times e_1} M^{b \times e_2} \equiv M^{a \times e_1 + b \times e_2} \equiv M \pmod N$. This implies that any party who can obtain the public-keys and the corresponding ciphertexts is able to recover all the messages that are encrypted twice for different users. One of the suggestions to protect RSA from the common modulus attack is to never use a common modulus in RSA [11].

B. Known-Plaintext Attack (KPA)

In this type of attack, the adversary may be able to capture a set of plaintexts with their corresponding ciphertexts, to build the set $S = \{(P_1, C_1), (P_2, C_2), \ldots, (P_i, C_i)\}$, where $P_i$ is a plaintext and $C_i$ is a ciphertext [13], [30]. The attacker can use any later captured messages encrypted with the same key to find the plaintext $P_i$ if the corresponding $C_i$ is in the set S. Because basic RSA is a deterministic algorithm, encrypting the same message more than once with the same key gives the same ciphertext. Based on the pre-built set S, the adversary can use any later captured data to find the plaintext $P_{i+1}$ if the corresponding $C_{i+1}$ is in the set S. Accordingly, an adversary who obtains part of the plaintext can guess the other parts.

C. Chosen-Plaintext Attack (CPA)

This attack is similar to the known-plaintext attack, but the adversary has more power. The adversary chooses an arbitrary message M and is somehow able to insert the chosen M into the system to get the corresponding ciphertext [13]. Thus, the attacker can build a set of plaintext-ciphertext pairs, such as $S = \{(P_1, C_1), (P_2, C_2), \ldots, (P_i, C_i)\}$, where $P_i$ is a plaintext and $C_i$ is a ciphertext.

D. Timing Attack (TA)

In this type of attack, the attacker obtains information based on the implementation of the algorithm itself, without exploiting any weakness in the mathematical approach that the algorithm applies [31]. The attacker exploits the variance of the time taken by cryptographic operations. That is, the computations performed by a cryptographic algorithm take a different amount of time depending on the input and the value of the secret parameter, in addition to the performance of the system involved in the computation. If RSA private-key operations can be timed accurately, statistical analysis can be used to obtain the secret key involved in the computations. Kocher demonstrates this kind of attack in [32] by measuring how long a computer takes to decrypt a message. Boneh [8] shows that the attacker can recover the private-key d one bit at a time until the secret exponent d is known. One suggestion to prevent the timing attack is to use a random component as shown in Algorithm 3 [11].

Algorithm 3: Anti-Timing attack
  1: Generate a secret random number $r \in Z_N^*$.
  2: Compute $C' = C \times r^{e} \bmod N$.
  3: Compute $M' = (C')^{d} \bmod N$.
  4: Compute $M = M' \times r^{-1} \bmod N$.

E. Frequency of Blocks Attack (FOB)

RSA is a kind of block cipher cryptosystem even though it is not intended to be used as a block cipher. RSA is typically used for encrypting small pieces of data, such as a symmetric key that is then used for encrypting the entire message. Nevertheless, the RSA cryptosystem works in a block cipher manner, where the message is divided into a number of blocks based on the size of the block. The block size can be chosen between 1 and N − 1 for some N.

Basic RSA suffers from the Frequency of Blocks (FOB) attack. When one of the blocks is repeated within the same message, the repeated block has the same ciphertext as the first occurrence. The main cause of this problem is the fact that basic RSA is a deterministic algorithm. The following example shows how basic RSA is not secure against this attack. Suppose the block size is 127 bytes and the message size is 635 bytes, so the number of blocks is 5. If two blocks are repeated within the same message, each of them will have the same ciphertext. If the attacker somehow knows that the message contains a repeated block, she may exploit this weakness to find the plaintext. To the best of our knowledge, no one has pointed to this type of attack on RSA. The reason may be that RSA is usually used for key exchange and digital signatures, instead of encrypting the majority of data (see footnote 1).

Footnote 1: The FOB attack exists in symmetric key encryption, and many techniques are used to solve it, such as cipher block chaining (CBC) mode, cipher feedback (CFB) mode and counter (CTR) mode [33].

IV. AUGMENTED RSA

The A-RSA cryptosystem has two new additions besides the basic RSA and Rabin algorithms: Huffman coding and the random component r. Basic RSA and Rabin are explained in Section II. Here, we discuss the other two modifications in more detail.

A. Huffman Coding in A-RSA Cryptosystem

According to Simmons [34], cryptographers consider data compression algorithms as a ciphering scheme. Also, Shannon [35] suggested that reducing the redundancy in data before encryption protects it against statistical analysis. Therefore, we use Huffman coding to follow the suggestions of Simmons and Shannon.

Huffman coding is a common method for data compression [36]. It is an algorithm used for lossless data compression, where the original data can be recovered exactly from the compressed data. The algorithm compresses data (symbols or alphabet) by generating variable-length codes instead of fixed-length codes for each symbol. Given a set of symbols in a file, the algorithm performs some statistical analysis to construct a table that contains the frequency of occurrence of each symbol. The algorithm uses the constructed frequency table to build the Huffman tree, which is used to assign each symbol its appropriate code length based on the symbol's occurrence. The result of applying Huffman coding to the data file is two files: a binary file (B) and a header file (H). The binary file depends on the header file for retrieving the original data. Thus, if the header file is lost, then the true data cannot be retrieved. The header file contains all symbols of the original data file or their corresponding ASCII codes. The header file contains unique symbols, each assigned its occurrence, where no symbol is repeated twice. The binary file contains the code for each symbol.

The A-RSA system depends on Huffman coding for enhancing security and speeding up the encryption and decryption processes. The Huffman coding output characters have the same level of distribution, and this in turn solves the FOB attack. To enhance the execution time, A-RSA encrypts the header file and blinds the binary file instead of encrypting the entire message. Blinding the binary file by the r parameter makes the encrypted message semantically secure.

Consider the following example to explain the usage of Huffman coding in A-RSA. Let the message before compression be (Hello, this message is created by Alice.). Before compression, the number of bits in this message is 41 × 8 = 328 bits, since each symbol is represented in 8 bits (fixed length). Deploying Huffman coding produces the corresponding header and binary files for the above message.
Header File:
sp101e110s000c0101l1000i1110t0110d00111A00
110a11110o00100m10010H01000,01110r00101y01
001À01111g111110b100111.111111h100110

Binary File:
010001101000100000100011101010110100110111
000010110010110000000111101111101101011110
000101010100101110111100110110001111011001
110100110100110100011100101110111111011110

The number of bits for the compressed message in the binary file is equal to 167 bits. Each symbol represented in the binary file is assigned a binary code of a different length based on its frequency of occurrence. For example, we represent the character e by 110 and a by 11110. The character e has a shorter binary code than a, since e is repeated in the message 6 times, while a is repeated 2 times.

To decompress the message, first read the header file and use its information to build the Huffman tree. Second, read the binary file bit by bit, beginning from the root of the tree. On a 0 bit, move to the left in the tree; on a 1 bit, move to the right in the tree, until a leaf node is reached (the symbol has been found). Then repeat the process for all remaining bits until all message characters are retrieved.

B. Random Component (r) in A-RSA

We use a randomized component r in the A-RSA cryptosystem to make the encryption process semantically secure. Each time the message is encrypted, a different ciphertext is obtained. Therefore, it is hard for an attacker to learn about the original message from the ciphertext, because ciphertexts for the same message look different. We use the letter r to denote the randomized component, where r is a random number generated by a cryptographically secure pseudo-random number generator and used once for each message (nonce). We use r for blinding the ciphertext of the header file and for blinding the binary file. If r is shorter than the ciphertext, we repeat r as many times as needed to match the length of the ciphertext, and if r is longer than the ciphertext, we remove bits from r so that it has the same length as the ciphertext. The same idea is applied when blinding the binary file.

Algorithm 4 summarizes the A-RSA cryptosystem encryption and decryption processes. Huffman coding is used for compressing the message and produces the header and binary files. The header file is encrypted using RSA, $C = H^e \bmod N$. To make the encryption process semantically secure, we choose a random component r and calculate a new ciphertext $C' = C \oplus r$. We call $C'$ the Mixture. To make the binary file B semantically secure, B is blinded with r, such that $B' = B \oplus r$. The random component r should be protected, so we use the Rabin encryption algorithm for encrypting r.

Algorithm 4: A-RSA Cryptosystem

Step 1: Key generation at the receiver side
  1: Compute RSA public/private keys as explained in Algorithm 1
  2: Compute Rabin public/private keys as explained in Algorithm 2
Step 2: Encryption preparation at the sender side
  1: Generate a random component r for each message
  2: Compress the message using Huffman coding. The outputs from Huffman coding are:
     • Binary file (B)
     • Header file (H)
Step 3: Encryption at the sender side
  1: Encrypt H by RSA; the result is $C = H^e \bmod N$, where $0 < H < N - 1$
  2: Blind C by r to generate the mixture $C' = C \oplus r$
  3: Blind the binary file B by r to generate $B' = B \oplus r$
  4: Encrypt r by Rabin: $r' = r^2 \bmod N$
Step 3: Decryption at the receiver side
  1: Decrypt r using the Rabin cryptosystem as explained in Algorithm 2
  2: Compute C from the mixture: $C = C' \oplus r$
  3: Compute $B = B' \oplus r$
  4: Decrypt C using RSA decryption to generate $H = C^d \bmod N$
Step 4: Decompress the message at the receiver side
  1: Pass H and B to Huffman coding to reconstruct the message

V. A-RSA SECURITY ANALYSIS

The A-RSA cryptosystem is semantically secure and mitigates the indirect attacks. Choosing a message M and two different random components $r_1$ and $r_2$ leads to different ciphertexts for the same message, as shown in Algorithm 4.
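The claim above, that two random components give two different ciphertexts for one message, can be checked with the following added example, which is not the authors' implementation: it runs Algorithm 4 end to end (Huffman header H and binary B, RSA on H, XOR blinding with r, Rabin on r with the four-root selection of Algorithm 2). Assumptions: toy keys built from Mersenne primes, an 8-byte tag as the Rabin padding, a header laid out as (symbol, count) byte pairs, a trailing newline standing in for the 41st symbol of the sample message, and all function names.

```python
import heapq
import secrets
from collections import Counter

# Constructed toy keys from Mersenne primes (each is 3 mod 4, as Algorithm 2
# requires). For illustration only; never build real keys from such primes.
RSA_P, RSA_Q = 2**521 - 1, 2**607 - 1
N, E = RSA_P * RSA_Q, 65537
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))
N_BYTES = (N.bit_length() + 7) // 8
RAB_P, RAB_Q = 2**127 - 1, 2**89 - 1
RAB_N = RAB_P * RAB_Q
R_LEN = 16          # assumed size of r in bytes
TAG = b"\xa5" * 8   # assumed padding that identifies the correct Rabin root
# The page's sample message; the trailing newline is an assumed 41st symbol.
MSG = b"Hello, this message is created by Alice.\n"

def huffman_codes(freq):
    """Map each symbol to a bit string; ties are broken by symbol value."""
    heap = [(n, sym, {sym: ""}) for sym, n in freq.items()]
    heapq.heapify(heap)
    while len(heap) > 1:
        n0, t0, zero = heapq.heappop(heap)
        n1, t1, one = heapq.heappop(heap)
        merged = {s: "0" + c for s, c in zero.items()}
        merged.update({s: "1" + c for s, c in one.items()})
        heapq.heappush(heap, (n0 + n1, min(t0, t1), merged))
    return heap[0][2]

def compress(msg):
    """Return header H (symbol, count pairs), binary B and the bit count."""
    freq = Counter(msg)                 # toy format: each count must be < 256
    codes = huffman_codes(freq)
    header = bytes(x for s in sorted(freq) for x in (s, freq[s]))
    bits = "".join(codes[s] for s in msg)
    padded = bits + "0" * (-len(bits) % 8)
    binary = bytes(int(padded[i:i + 8], 2) for i in range(0, len(padded), 8))
    return header, binary, len(bits)

def decompress(header, binary):
    """Rebuild the code table from H, then decode B one bit at a time."""
    freq = dict(zip(header[0::2], header[1::2]))
    by_code = {c: s for s, c in huffman_codes(freq).items()}
    bits = "".join(f"{b:08b}" for b in binary)
    out, cur, pos, total = bytearray(), "", 0, sum(freq.values())
    while len(out) < total:
        if cur in by_code:              # reached a leaf: emit its symbol
            out.append(by_code[cur])
            cur = ""
        else:                           # follow the 0 or 1 branch
            cur += bits[pos]
            pos += 1
    return bytes(out)

def blind(data, r):
    """XOR data with r, repeating or truncating r to the data length."""
    key = (r * (len(data) // len(r) + 1))[:len(data)]
    return bytes(a ^ b for a, b in zip(data, key))

def egcd(a, b):
    """Return (g, x, y) such that a*x + b*y = g."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def rabin_decrypt(c):
    """Algorithm 2, step 3: compute the four roots, keep the padded one."""
    R = pow(c, (RAB_P + 1) // 4, RAB_P)
    S = pow(c, (RAB_Q + 1) // 4, RAB_Q)
    _, a, b = egcd(RAB_P, RAB_Q)        # a*p + b*q = 1
    m1 = (a * RAB_P * S + b * RAB_Q * R) % RAB_N
    m3 = (a * RAB_P * S - b * RAB_Q * R) % RAB_N
    size = R_LEN + len(TAG)
    roots = [m for m in (m1, RAB_N - m1, m3, RAB_N - m3) if m < 256**size]
    padded = [m.to_bytes(size, "big") for m in roots]
    padded = [p for p in padded if p.endswith(TAG)]
    if len(padded) != 1:
        raise ValueError("no unique padded root")
    return padded[0][:R_LEN]

def arsa_encrypt(msg, r=None):
    """Algorithm 4, sender side: returns (C', B', r'); r is R_LEN bytes."""
    r = r or secrets.token_bytes(R_LEN)
    header, binary, _ = compress(msg)
    h = int.from_bytes(b"\x01" + header, "big")   # 0x01 keeps leading zeros
    if not 0 < h < N - 1:
        raise ValueError("header too large for one block of this toy key")
    c = pow(h, E, N).to_bytes(N_BYTES, "big")
    r_enc = pow(int.from_bytes(r + TAG, "big"), 2, RAB_N)
    return blind(c, r), blind(binary, r), r_enc

def arsa_decrypt(c_mix, b_blind, r_enc):
    """Algorithm 4, receiver side: recover r, unblind, decrypt H, decode."""
    r = rabin_decrypt(r_enc)
    h = pow(int.from_bytes(blind(c_mix, r), "big"), D, N)
    header = h.to_bytes((h.bit_length() + 7) // 8, "big")[1:]
    return decompress(header, blind(b_blind, r))
```

With the sample message, the Huffman stage emits 167 bits, the figure given in Section IV-A.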
The attacker cannot know whether these ciphertexts relate to one message or to different messages. This was not the case for basic RSA, where encrypting the message with the same key always gives the same ciphertext. The semantic security property of A-RSA solves the attacks presented in Section III.

1) The A-RSA cryptosystem is secure against the common modulus attack. This attack is used to recover a message that was encrypted using two RSA keys with the same modulus N and different public exponents. In the case of the A-RSA cryptosystem, the attacker cannot find the message since $C_1' = C_1 \oplus r$ and $C_2' = C_2 \oplus r$. Thus, applying the formula gives $(C_1')^{a} (C_2')^{b} \equiv M'$, where $M' \neq M$.
2) The A-RSA cryptosystem is protected from the known-plaintext attack. The A-RSA cryptosystem is not deterministic, since it depends on a random component that makes the ciphertext always different, even if the same message is encrypted more than once with the same key. The attacker cannot guess the right plaintext-ciphertext pair. Consider the set $\{(P_1, C_1'), (P_2, C_2'), \ldots, (P_i, C_i')\}$, where $C_i' = C_i \oplus r_i$ for $r_1 \neq r_2 \neq r_3 \neq \ldots \neq r_i$. Since each ciphertext is blinded with a different r, the attacker cannot guess a further new plaintext based on a pre-built set of plaintext-ciphertext pairs.
3) The A-RSA cryptosystem is protected from the chosen-plaintext attack because it depends on r, where each message has a different r. That is, encrypting the same message more than once produces different ciphertexts, so no one can build a unique set like S that contains plaintexts with their corresponding ciphertexts.
4) The A-RSA cryptosystem is secure against the timing attack. In the A-RSA cryptosystem the attacker still needs the random component r to decrypt the ciphertext; finding d does not allow the attacker to decrypt the message without r, since r is XORed with the ciphertext. Thus, the decryption time depends on the random component, and this adds some confusion for the attacker.
5) The A-RSA cryptosystem is protected from the frequency of blocks (FOB) attack, since it compresses the message before the encryption. Consequently, the characters in the compressed message have a uniform distribution, and thus no repeated blocks are produced for the same message after applying the A-RSA cryptosystem.
6) The brute-force and factorization attacks against A-RSA are much harder than against basic RSA, since A-RSA relies on both basic RSA and Rabin. Therefore, the brute-force attack has to be carried out against two keys, and the factorization has to be done against two public-key cryptosystems.

VI. A-RSA PERFORMANCE ANALYSIS

To test the performance of the A-RSA cryptosystem in comparison with basic RSA, we carried out a set of experiments on different PCs. PC1 is a Dell machine running Windows 7 Professional SP1 (32-bit) on an Intel(R) Core(TM) i7-2640M CPU at 2.80 GHz with 8.00 GB RAM. PC2 is a Lenovo machine running Windows 7 Ultimate SP1 (32-bit) on an Intel(R) Core(TM) i5-2520M CPU at 2.50 GHz with 4.00 GB RAM. PC3 is a Dell machine running Windows 7 Ultimate SP1 (64-bit) on an Intel(R) Core(TM) i7-2630QM CPU at 2.00 GHz with 8.00 GB RAM. We select N = 1024 bits and a standard public exponent e = 65537 for RSA. We use ten files with different sizes from 1 MB to 10 MB. Each file is encrypted three times with both the RSA and A-RSA cryptosystems, and we compute the average of these reading times.

Figure 1 shows the behavior of RSA and A-RSA in the encryption process for different file sizes. The figure represents the average execution time: each point on the chart represents the average of the execution time over the three PCs for each cryptosystem. For instance, the point (1, 2.88) represents the average of (2.5, 3.02, 3.11) for RSA, and the point (1, 2.91) represents the average of (2.82, 2.65, 3.26) for A-RSA.

Fig. 1. Encryption Time for RSA and A-RSA Cryptosystems.
Figure 1 shows that the encryption time is directly proportional to the file size for both cryptosystems, but A-RSA is significantly faster than basic RSA. This speedup in the encryption time is due to the fact that A-RSA does not encrypt the entire message. It encrypts the header file and blinds the binary file, which is generated in the compression phase. However, A-RSA is slower than basic RSA in the encryption process for the 1MB file: A-RSA encrypts the 1MB file in 2.91s, while basic RSA takes 2.88s. The reason is that the A-RSA encryption process passes through four phases: statistical analysis, compression, encryption, and blinding of the message. Since 1MB is a relatively small size, the analysis, compression, and blinding may take more time than the encryption itself.

The behavior of RSA and A-RSA in the decryption process is depicted in Figure 2. A-RSA is faster than basic RSA in the decryption process because RSA needs to decrypt the entire message, whereas A-RSA only needs to decrypt the header file, which is much smaller than the entire message. Comparing Figure 2 with Figure 1, one can see that the speedup ratio between A-RSA and basic RSA is much better in the decryption process than in the encryption process. Also, there is a big difference between the execution times of encryption and decryption, and this is due to two reasons. First, the private exponent d is larger than the public exponent e. Second, when a file is encrypted using RSA, the encrypted file (ciphertext) is larger than the original file.

In basic RSA, encryption is faster than decryption or may take equal time, but this is not the case for the A-RSA system: A-RSA decryption is faster than its encryption. The reason for this observation is that the A-RSA encryption process has four phases (analysis, compression, encryption and blinding), while the A-RSA decryption process has three phases (un-blinding, decryption and un-compression), which makes its decryption faster.
Fig. 2. Decryption Time for RSA and A-RSA Cryptosystems.

Taking the overall average of the encryption and decryption times of the 10 files from the three PCs shows that the A-RSA cryptosystem is faster than basic RSA by 45% in the encryption process and 99% in the decryption process.

The A-RSA cryptosystem uses the Huffman compression algorithm to reduce file sizes. Thus, the files generated by the A-RSA system are smaller than the original files, which helps reduce resource usage, such as data storage space. Figure 3 shows the size of the ten files after encryption with the RSA and A-RSA cryptosystems. The A-RSA cryptosystem results in an efficient use of space. We found that the RSA system increases the size of the ciphertext by 1% compared to the original file size, while the A-RSA cryptosystem reduces the file size by 54% from the original size. However, the percentage of file size reduction achieved by the A-RSA cryptosystem depends on the number of occurrences of the symbols inside the file.

Fig. 3. RSA and A-RSA Ciphertext Size.

VII. SUMMARY AND CONCLUSION

RSA has been a popular and the most widely used cryptosystem through the years until now, and it is used in different applications and protocols. Even though RSA seems to be robust and secure, attackers have succeeded in exploiting some properties of the RSA algorithm and its implementation to carry out attacks such as common modulus, known-plaintext, chosen-plaintext, and timing attacks. Moreover, RSA does not solve block redundancy in the message. Besides, RSA is a time-consuming algorithm; its speed is very slow compared with symmetric key encryption algorithms like AES.

We suggested a new modification to enhance the RSA cryptosystem, called A-RSA. This enhanced RSA combines basic RSA with another cryptosystem called Rabin. A randomized component r is added to RSA to make it semantically secure, and this component is encrypted by Rabin. A-RSA uses the Huffman coding algorithm to remove the redundancy in the message, based on statistical analysis, to generate the Header H and Binary B files. A-RSA encrypts H and blinds B with r instead of encrypting the entire message. The enhanced version of RSA is more secure, has faster encryption and decryption, and has a shorter encrypted message size compared with basic RSA. Thus, the A-RSA cryptosystem has the following characteristics:

1) Semantically secure compared to basic RSA.
2) Secure against frequency of blocks attacks.
3) More secure against the brute-force attack than RSA.
4) Faster encryption and decryption compared with basic RSA.
5) Produces a shorter cipher size.

The A-RSA cryptosystem could be the better choice for encrypting large data in a secure and fast manner over a public network. Due to the drastic improvement in the A-RSA encryption and decryption time, it might be more convenient to use only A-RSA for encryption and decryption, without the use of another symmetric key for encrypting the entire message.
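The common-modulus and determinism claims from the security analysis (items 1 and 2), as an added example that is not code from the paper: textbook RSA ciphertexts of one message under two exponents are combined with the common-modulus relation, first as they are and then after the blinding step C′ = C ⊕ r. The toy modulus, the second exponent 257, the message, the coefficient names k1 and k2 and all function names are assumptions of this example; only e = 65537 and the XOR blinding come from the paper.

```python
import secrets
from math import gcd

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E1, E2 = 65537, 257                      # two public exponents sharing N
M = int.from_bytes(b"pay 100", "big")    # constructed plaintext, M < N


def rsa_encrypt(m, e, n=N):
    """Textbook (unpadded) RSA: the same m and key always give the same c."""
    return pow(m, e, n)


def blind(c, r):
    """Blinding step as stated in the security analysis: C' = C xor r."""
    return c ^ r


def bezout(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = bezout(b, a % b)
    return g, y, x - (a // b) * y


def common_modulus_recover(c1, c2, e1=E1, e2=E2, n=N):
    """Value given by the common-modulus relation, or None if not invertible."""
    g, k1, k2 = bezout(e1, e2)           # k1*e1 + k2*e2 == 1 when g == 1
    if g != 1 or gcd(c1, n) != 1 or gcd(c2, n) != 1:
        return None
    # A negative exponent in pow() takes the modular inverse (Python 3.8+).
    return (pow(c1, k1, n) * pow(c2, k2, n)) % n


def demo(r=None):
    """Run the relation on plain and on blinded ciphertexts of M."""
    r = r if r is not None else secrets.randbits(128) | 1   # non-zero r
    c1, c2 = rsa_encrypt(M, E1), rsa_encrypt(M, E2)
    return {
        "same_ciphertext_twice": rsa_encrypt(M, E1) == c1,
        "blinded_differs": blind(c1, r) != blind(c1, r ^ 2),
        "plain_recovered": common_modulus_recover(c1, c2),
        "blinded_recovered": common_modulus_recover(blind(c1, r), blind(c2, r)),
    }
```

On the unblinded pair the relation returns M without any private key; on the blinded pair it returns an unrelated value M′ (or nothing, if a blinded value is not invertible modulo N).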