System Considerations In Crypto-C

ends and the public exponent begins. It would be a good idea to put identifying marks on the data to make it easier to parse. BER/DER encoding standardizes such identifying marks so that people using different software packages can still trade information. Hence, with Crypto-C, the user has the option of storing a 768-bit public key simply as a modulus and public exponent (99 bytes), or in its DER-encoded format, which requires 126 bytes.

Private Key Size

In its most basic form, the private key consists of a modulus and a private exponent. The modulus for the private key is the same as the modulus for the public key. The private exponent is the truly private part of the private key. The private exponent is usually the same size as the modulus, or 1 bit smaller. Therefore, to store a 768-bit private key, one needs at least 1536 bits (192 bytes) of storage space.

To perform private key operations, you require only the modulus and private exponent. However, the computations can be much faster if you have access to more information.

Recall that, in RSA encryption, the modulus is actually the product of two prime numbers. The private exponent is derived from the two primes and the public exponent. Given only the modulus and the public exponent, an attacker cannot deduce the private exponent.

When computing the key pair, you can find two suitable primes, multiply them together to get the modulus, use the primes to determine the private exponent, and then throw the primes away. Or you can use the primes to compute two prime exponents and a Chinese Remainder Theorem (CRT) coefficient, and save all this information. Then, when executing private key operations with the extra information, you can use the Chinese Remainder Theorem to make the appropriate computations much more quickly.

So when saving a 768-bit private key, you actually need to save the following:

The modulus: 96 bytes

The public exponent — it is small and there are advantages to having it saved with the private key: 3 bytes

The private exponent: 96 bytes

Two primes: 2 ⋅ 48 bytes

Two prime exponents: 2 ⋅ 48 bytes

A CRT coefficient: 48 bytes

The identifying marks for DER encoding
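The following is an added example, not code from the guide and not Crypto-C API usage. It builds a constructed 768-bit demo key, derives the prime exponents and CRT coefficient, and runs the private-key operation both ways, alongside the raw field widths listed above. The dictionary keys and function names are hypothetical, and the coefficient is assumed to be q^-1 mod p (the PKCS #1 convention).

```python
import random
from math import gcd

E = 65537  # assumed public exponent; fits the 3 bytes allotted above

def is_probable_prime(n, rng, rounds=40):
    """Miller-Rabin for odd n > 3; error probability <= 4**-rounds."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no squaring reached n-1: composite
    return True

def gen_prime(bits, rng):
    """Prime with the top two bits set, so p*q has exactly 2*bits bits."""
    while True:
        p = rng.getrandbits(bits) | (3 << (bits - 2)) | 1
        if gcd(E, p - 1) == 1 and is_probable_prime(p, rng):
            return p

def make_key(bits=768, seed=1):
    """Constructed demo key; a seeded PRNG is for repeatability, never real keys."""
    rng = random.Random(seed)
    p = gen_prime(bits // 2, rng)
    q = gen_prime(bits // 2, rng)
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent from primes and e
    return {"n": p * q, "e": E, "d": d, "p": p, "q": q,
            "dP": d % (p - 1), "dQ": d % (q - 1), "qInv": pow(q, -1, p)}

def private_op_plain(c, k):
    return pow(c, k["d"], k["n"])  # needs only modulus and private exponent

def private_op_crt(c, k):
    m1 = pow(c, k["dP"], k["p"])  # two half-size exponentiations
    m2 = pow(c, k["dQ"], k["q"])
    return m2 + ((k["qInv"] * (m1 - m2)) % k["p"]) * k["q"]  # recombine

def raw_sizes(bits=768):
    """Field widths in bytes, before any DER identifying marks."""
    full, half = bits // 8, bits // 16
    return {"n": full, "e": 3, "d": full, "p": half, "q": half,
            "dP": half, "dQ": half, "qInv": half}
```

Both functions return the same value; the CRT path is faster because it works with 48-byte operands instead of 96-byte ones, which is why the extra components are worth the storage.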


RSA BSAFE Crypto-C Developer's Guide

RSA Security 5.2.2 manual Private Key Size