Number Theory & Asymmetric Cryptography
|
|
- Mabel Wells
- 5 years ago
- Views:
Transcription
1 Number Theory & Asymmetric Cryptography
2 Modular Arithmetic Notations Ζ={, 2, 1, 0,1,2,, } Ζ m ={0,1, 2,,m 2, m 1} a b mod m a=b+km, integer k
3 Addition mod m Given a b mod m and c d mod m (a+c) (b+d) mod m a b=km,c d=lm, integers k,l (a+c)=b+d+(k+l)m=(b+d)+ jm Examples (25+ 15) (1+3) 0 mod 4 (25+15) (4+1) 5 mod 7
4 Multiplication mod m a b mod m,c d mod ac bd mod m ac=( b+km)( d+lm)=bd+(bl+ kd+klm) m Example 26 2 mod 4,11 3 mod =286 2 mod 4 2 3=6 2 mod 4
5 What about division? Is division possible in Z m? (A long detour necessary at this point) Group, Abelian Group, Ring and Field Field Ring Abelian Group Group
6 Group, Ring and Field Group: Addition is closed, and associative, additive identity and additive inverse exist Abelian group: Addition is also commutative Ring: Multiplication is closed, associative, commutative, and distributive; multiplicative identity exists Field: Every element except additive identity has multiplicative inverse In Z m additive identity is 0, multiplicative identity is 1. Its a Ring. Is Z m a Field?
7 Multiplicative Inverse Consider m = 5, or {0,1,2,3,4} 2*3 = 3*2 = 1 mod 5. So 2 3 (3 and 2 are multiplicative inverses in Z5 ) 4*4 = 1 mod 5, or 4 4 obviously, 1 1 Z 5 is clearly a field (all elements except additive identity have a multiplicative inverse) Consider m = 6, or {0,1,2,3,4,5} 5 5, 1 1 No inverses for 2,3 and 4? (why?) Z 6 is not a Field (it is a Ring) (As we shall see soon) the reason for this is that 6 is not a prime mumber
8 Basic Theorems of Arithmetic Any number can be represented as a product of powers of primes. Let p i be the i th prime n= i=1 If n= i=1 pi e i,e i 0 n i pi,m= i=1 pi m i lcm(m,n)= i=1 pi max(n i,m i ) pi min(n i,m i ) gcd(m,n)= i=1 60= ,18= lcm(60,18)= =180 gcd(60,18)= =6
9 GCD Definitions gcd(m,n) represented as (m,n) If a = kb, where k is an integer, we say b a (b divides a) s = (m,n) is the largest positive integer satisfying s m and s n If s=(m,n)=1, m and n are relatively prime Euclidean algorithm used for finding gcd
10 GCD Properties If (m,n)=1, m a, n a then mn a Example (5,6)=1 : a number divisible by both 5 and 6 has to be divisible by 30 (9,6) not equal to 1 : a number divisible by both six and 9 does not have to be divisible by 54 (example, 18) A useful result: If (m,n)=1, x=a mod m, and x=a mod n, then x=a mod mn (x-a) divisible by m and n. So it has to be divisible by mn
11 Bezout's Representation s = (a,b) = ia+jb (where i and j are integers) s (the gcd) is the smallest positive integer that can be written as a combination of a and b Practical Implications: If coins are minted in only two denominations a and b can we accomplish any transaction How can you measure 1 foot with two sticks one 9 feet long and the other 7 feet long? We can because (7,9)=1. 1 = 4*7 + (-3)*9
12 Algorithm for GCD Basic idea - if a = qb + c then (a,b) = (b,c) Let s = (a,b) and t = (b,c) s a, s b, t b, t c c = a qb = s(a 1 -qb 1 ) or s c As s b and s c and t is the largest integer that divides both b and c, so s<=t a = qb+c = t(qb 2 +c 2 ) or t a As t b and t a and s is the largest integer that divides both a and b, so t<=s t<=s and s<=t possible only if s=t (a,b)=(b,c ) if a=qb+c
13 Euclidean Algorithm (a,b)=(b,c ) if a=qb+c (a 0, a 1 ),a 0 >a 1 Let a 0 =q 1 a 1 +a 2 (a 0, a 1 )=(a 1, a 2 ) Let a 1 =q 2 a 2 +a 3 (a 1, a 2 )=(a 2, a 3 ) and so on until we can trivially find the GCD by inspection
14 (457, 283) Euclidean Algorithm
15 Euclidean Algorithm (457, 283) 457 = 1* {or (457,283)=(283,174)}
16 Euclidean Algorithm (457, 283) 457 = 1* = 1* = 1* = 1* = 1* = 2* = 10*2 + 1
17 Euclidean Algorithm (457, 283) 457 = 1* = 1* = 1* = 1* = 1* = 2* = 10* = 2*1 + 0, or (457,283) = (2,1) = 1
18 Euclidean Algorithm (457, 283) 457 = 1* = 1* = 1* = 1* = 1* = 2* = 10* = 21-10*2 (Bezout Representation) 2 = 2*1 + 0 (457,283) =(283,174) = (174,109) = (109,65) = (65,44) = (44,21) = (21,2) = (2,1) = 1
19 Backtracking for Bezout (457, 283) 457 = 1* = 1* = 1* = 1* = 1* = 2* = 21-10*(44-2*21) 21 = 10* = 21-10*2 2 = 2*1 + 0 or (457,283) = (2,1) = 1
20 Backtracking Euclid (457, 283) 457 = 1* = 135*457 + (-218)* = 1* = 1* = 1* = 1* = 2* = 21-10*(44-2*21) 21 = 10* = 21-10*2 2 = 2*1 + 0 or (457,283) = (2,1) = 1
21 Modular Inverse Does inverse of a exist in Z m? aa 1 1 mod m Let b=a 1 ab 1 mod m ab=1+km 1=( b)a+km (a,m)=1 Inverse exists only if (a,m)=1 Else we can not get a Bezout representation linking 1, a and m (like 1 = xa+ym) If (a,m)=1 we can use extended Euclidean algorithm to find the inverse of a in Z m
22 Multiplicative Inverse of 283 in Z 457 (457, 283) 457 = 1* = 135*457 + (-218)* = 1* = 1* = 1* = 1* = 2* = 21-10*(44-2*21) 21 = 10* = 21-10*2 2 = 2*1 + 0 or (457,283) = (2,1) = 1
23 Multiplicative Inverse of 283 in Z 457 (457, 283) 457 = 1* = 135*457 + (-218)* = 1* (-218*283) = 1 + (-135)* = 1* (-218*283) = 1 mod = 1* = 239 mod = 1* (239*283) = 1 mod = 2* = 10* = 21-10*2 2 = 2*1 + 0 or (457,283) = (2,1) = 1
24 Multiplicative Inverse of 283 in Z 457 (457, 283) 457 = 1* = 135*457 + (-218)* = 1* (-218*283) = 1 + (-135)* = 1* (-218*283) = 1 mod = 1* = 239 mod = 1* (239*283) = 1 mod is the inverse of 283 mod 457 Check: 239*283 = = *457
25 Extended Euclid Algorithm d=(a,b)=ak+bl EE Algorithm returns d,k,l u=[a 1 0]; v=[b 0 1]; while (v(0)!= 0) do y=floor(u(0)/v(0)); w=u-y*v; u=v; v=w; endwhile d=u(0); k=u(1); l=u(2); a=457,b=283 u(0) u(1) u(2) v(o) v(1) v(2) =135*457 + (-218)*283
26 End of Detour Now we know why inverses do not exist for 2,3 and 4 in Z 6 Note that (5,6)=1 (That's why 5 has an inverse in Z 6 )
27 Prime Modulus What if m is prime? We have Zm = {0,1,2,...,m-1} Every number is relatively prime to a prime number So every number 1... m-1 has an inverse Zm is a FIELD if m is prime Normally we call it prime field Zp
28 RECAP Z m = {0,1,2,...,m-1} Z m is a group, and ring Multiplicative inverse of a exists only if (a,m)=1; GCD computed using Euclidean algorithm Multiplicative Inverse using Extended Euclidean Algorithm If m = p (a prime) then Z p is a field All elements (except additive identity 0) have a multiplicative inverse.
29 Square and Multiply Algorithm for Exponentiation Compute y = a x mod n Get binary representation of x Let b(r)b(r-1)...b(0) represent bits of x z=1; for i=r downto 0 z=z*z mod n if (b(i)==1) z=z*a mod n endif endfor
30 Example Compute y = mod 87 43= b ; r=5; a=36; n=87;z=1 Step Beginning End of step 1. b5=1, z=1 z=z*z*a = 36 mod b4=0,z=36 z=z*z=78 mod b3=1,z=78 z=z*z*a=45 mod b2=0,z=45 z=z*z=24 mod b1=1,z=24 z=z*z*a=30 mod b0=1,z=30 z=z*z*a=36 mod = 36 mod 87
31 Public Key Cryptography Symmetric cryptography requires every pair of interacting entities to share a secret Asymmetric cryptography is useful in establishing pair-wise secrets Every entity begins by generating a key pair Let Alice's key pair be (R A,U A ) The private key RA is a secret known only to Alice The public key UA is made know to everyone
32 Public key Algorithms Two algorithms (E() and D()) were defined for symmetric ciphers A public key algorithm (for example, RSA) refers to a system with up to 6 different sub-algorithms Key pair generation algorithm Encryption algorithm Decryption algorithm Signing algorithm Verification algorithm Key-exchange algorithm Not all 6 by necessary for every public-key system Key pair generation is necessary for all. Some do only encryption and decryption, some do only signing/verification, some do only key-exchange
33 Key Generation Algorithm Alice chooses a random private key RA And computes the corresponding public UA It should be impractical for anyone to compute the private key given the public key Even while the relationship between (R A,U A ) is one-toone Example: Private key is two randomly chosen large primes p and q The public key is n=pq
34 Encryption Algorithm Any one with knowledge of Alice's public key can send a secret message to Alice To send a secret P, the sender (say, Bob) Uses an encryption algorithm C=Enc(P,U A ) Cipher-text C sent to Alice
35 Decryption Algorithm Only the entity with the corresponding private key can decrypt the cipher-text C=Enc(P,UA ) can be decrypted using the Dec() algorithm as P = Dec(C,R A ) As only Alice is privy to her private key R A, only Alice can decrypt C Can Alice confirm the identity of the sender?
36 Signing/Verification Algorithms To sign a message (typically the hash of a message) Alice uses the signing algorithm Sig() Let M be the message hash to be signed The signature S is computed as S=Sig(M,R A ) Anyone with access to Alice's public key can verify the signature using algorithm Ver() Algorithm Ver(M,S,UA ) returns TRUE only if S was computed using the corresponding private key, and the same message. If TRUE, the verifier concludes that the message was signed by Alice.
37 Inputs and Outputs In symmetric cryptography the inputs and outputs (to E()/D()) were bit-strings of fixed sizes, with no special interpretation In asymmetric cryptography the inputs and outputs to the five algorithms are seen as numbers belonging to a finite field/ring/group The sizes of inputs/outputs are also more substantial (typically few thousand bits)
38 Field, Ring, and Group (Once Again) Finite sets (of numbers/elements) Group: Addition is closed, associative Additive inverse exists; additive identity exists Abelian Group are subsets of Groups, where Group Abelian Group Ring Field Addition is also commutative Rings are subsets of Abelian Groups Multiplication is closed, associative, distributive, and commutative A multiplicative identity exists Fields are subsets of Rings Every element except the additive identity has a multiplicative inverse
39 Rings and Fields We limit ourselves to one type of finite sets Set of integers modulo m Z m = (0,1,2,...,m-1) With modular addition and multiplication Z m is a Field if m is prime; Ring if m is not prime
40 Prime Number Theorem Prime Numbers Number of prime numbers less than n is approx. n/log(n) Ψ(n) n/log (n) Prime numbers are dense Any number can be represented as a product of powers of primes n=π i=1 p i a i For example 10= = =
41 Euler Totient Two numbers are relatively prime if they have no common factors their GCD is 1. example (9,14)=1,(7,22)=1, etc Positive integers <n (or elements of Zn ) that are relatively prime to n are totatives of n The Euler Totient Function Phi(n) is the count of the totatives of n If n=π a i=1 p i i then Φ(n)=Π a i=1 p 1 i i ( p i 1)
42 Euler Totient n=π a i =1 p i i Φ(n)=Π a i=1 p 1 i i ( p i 1) n=12=2 2 3 Φ(12)=2 1 (2 1)3 0 (3 1)=4 n=15= Φ(15)=(3 1)(5 1) n=13=13 Φ(13)=(13 1) We are particularly interested in two cases Case 1: n is a prime p the Euler totient is p-1 all elements in Z p except 0 are totatives Case 2: n=pq where p and q are primes: the Euler totient is (p-1)(q-1) Only (p-1)(q-1) of n=pq elements of Z p are totatives
43 Example, m=35 = 5x7 Zm ={0,1,2,3,..., 34} 7 multiples of 5, and 5 multiples of 7, are obviously not totatives 7 multiples of 5 are 0,5,10,15,20,25,30 5 multiples of 7 are 0,7,14,21,28 0 is in both = 11 numbers are not totatives = 24 = (5-1)(7-1) numbers are totatives {1,2,3,4,6,8, 9,11,12,13,16,17, 18,19,22,23,24,26, 27,29,31,32,33,34} are the 24 totatives of 35.
44 For General m=pq More generally p multiples of q are not totatives q multiples of p are not totatives 0 is in both p+q-1 are not totatives pq-(p+q-1) = (p-1)(q-1) numbers are totatives
45 Multiplicative Inverses All totatives of Z m have multiplicative inverses modulo m Totatives of 35 {01,02,03,04,06,08,09,11,12,13,16,17,18,19,22,23,24,26,27,29,31,32,33,34} (Corresponding) Multiplicative inverses {01,18,12,09,06,22,04,16,03,27,11,33,02,24,08,32,19,31,13,29,26,23,17,34} (1,1),(2,18),(3,12)... are inverses mod 35 If m is prime are numbers in Z m (except 0) have multiplicative inverses If m=pq then only the (p-1)(q-1) totatives have multiplicative inverses mod mod 35 a.a 1 35 k+1 1 mod 35 where k is some integer
46 Set of Totatives Consider the set of Φ(m) totatives {a 1 a 2 a Φ(m) } of m What happens when you multiply a totative with another? The result has to be a totative. Why? a i a j =x can NOT have any factor common with m x too has to be a totative Example mod 35, mod 35 Any power of a totative also has to be a totative For e.g. in mod 35, ,32 3 8, ,32 5 2
47 Permutation of Totative Set Set of Φ(m) totatives {a 1, a 2, a Φ(m) } of m Choose any a=a i from the set Multiply every number in the set by a to get {a 1 a, a 2 a, a Φ(m) a} Now {a 1 a, a 2 a, a Φ(m) a} is a PERMUTATION of {a 1, a 2, a Φ(m) }. Why? Pick two indexes i, j {1 Φ(m)} a i a a j a (a i a j )a 0 mod m Or m divides (a i a j )a. As a has no common factors with m we need m to divide a i a j Which can only happen if a i a j =0 or i= j
48 Euler Fermat's Theorem Φ(m)Totatives {a 1, a 2, a Φ(m) } of m {a 1 a,a 2 a, a Φ(m) a} is a PERMUTATION of {a 1, a 2, a Φ(m) } Multiply all elements together in both sides. The result in both sides should be the same if one side is a permutation of the other {a 1 a a 2 a a Φ(m) a} {a 1 a 2 a Φ(m) } mod m a Φ(m) {a 1 a 2 a Φ(m) } {a 1 a 2 a Φ(m) } mod m a Φ(m) 1 mod m. if a is relatively prime to m Fermat's Theorem (special case of Euler-Fermat Theorem) a p 1 1 mod p if p is prime
49 Euler Fermat's Theorem Fermat's Theorem a p 1 1 mod p a a k (p 1) 1 mod p a a k (p 1)+ 1 a mod p a Euler Fermat's Theorem a Φ(m) 1 mod m. if (a, m)=1 a k Φ(m) 1 mod m. if (a,m)=1 a k Φ(m)+1 a mod m. if (a,m)=1 However, if m= pq then we can show that a k Φ(m)+1 a mod m, EVEN IF (a, m) 1
50 Proof a k Φ(m)+1 a mod m a if Φ(m)=( p 1)(q 1). a k Φ(m)+1 =a k( p 1)(q 1)+ 1 a mod p a k Φ(m)+1 =a k ( p 1)(q 1)+1 a mod q Thus, a k Φ(m)+1 a mod m= pq
51 Summary a k Φ(m)+1 a mod m forall a :Useful for RSA a p 1 1 mod p Fermat's Little Theorem
52 Simplifying Modular Expressions Given x y mod m, simplifying involves removing all multiples of m from x removing all multiples of Φ(m)from the exponent y x y mod m=(x mod m) y mod Φ(m) mod m Examples mod 23 Φ(23)=22 ; 241 mod 23=11; 456 mod 22= mod 23=11 16 mod mod 119 (Φ(119=7.17)=6.16=96) 241 mod 119=3 ; 456 mod 96= mod 119=3 72 mod 119
53 Difficult Inverse Problems Factorization Problem Given two primes p, q trivial to compute n= pq Difficult to find p or q given n Discrete logarithm Problem prime p, g generator of Z p Given p, g,α g a mod p Infeasible to find a
54 Choosing a Prime We know factorization is a difficult problem Given a number p Can we say if it is a prime w/o factorizing? Yes How? Probabilistic Primality Testing We can confirm if a number is a prime with a vanishingly small probability of failure Choosing a prime is NOT a hard problem
55 Probabilistic Primality Check (PPC) Given a number p ' If p ' is a prime we know a p ' 1 mod p' 1 a But, if a p ' 1 mod p' 1 for some a we can not say it will be true for all a Solution: Choose n random a' s for the test if the test passes every time probability that p ' is NOT a prime is <1/2 n Why? If the test fails for even for one a Ζ p ' it should fail for atleast half the possible elements in Ζ p'
56 PPC Assume test passes for a=a 1 a n and fails for a=x a 1 p ' 1 a 2 p ' 1 a n p ' 1 1 mod p' x p ' 1 1 mod p' In this case the test should also fail for x a 1, x a 2,, x a n If the test fails even once it should fail atleast as many times as it passes! the probability of false choice with one test is 1 /2 with n tests it reduces to 1/2 n
57 PPC Algorithm IsPrime(p) count =0 while (count < n) a=rand() if a p mod p a count+=1 else break endif endwhile if (count=n) return TRUE
58 Algorithm to Pick n-digit Prime Generate random n-bit odd number p while (!IsPrime(p)) p+=2; //next odd number return p
59 Diffie-Helman Key Exchange prime p, g Z p generator: both known to all Alice chooses random a Z p Bob chooses random b Z p Alice to Bob α g a mod p Bob to Alice β g b mod p Alice computes K AB β a g ab Bob computes K AB α b g ab
60 RSA Key Pair Generation 1. Choose two large primes p, q 2. Compute n= pq,ϕ(n)=(p 1)(q 1) 3. Choose a small e such that (e,ϕ(n))=1 4. Find d where de 1 mod ϕ(n) 5. Destroy p,q,ϕ(n) public (modulus and exponent) n, e private (exponent) d
61 RSA Encryption/Decryption Alice's public keys n,e, private exponent d To send a secret P to Alice, Bob computes C P e mod n Alice decrypts C as P C d mod n Why does this work? C d (P e ) d P (ed) P k ϕ(n)+1 P mod n As d and e are multiplicative inverses mod ϕ(n)
62 RSA Signing / Verification To sign a hash M, Alice computes S M d mod n Any one can verify M S e mod n
63 RSA Example Key Pair Generation p=1009, q=503 n=pq=507527,ϕ(n)=( p 1)(q 1)= e =5, d= ( mod =1) public (modulus and exponent) n=507527, e=5 private (exponent) d = Encryption P= C= P e mod n= mod =32110 P=C d mod n= mod =423621
64 El Gamal Key Generation p, g, known to all Alice chooses random private key a Public key is α=g a mod p Example p=79, g=7 Alice chooses a=43,α g a mod 79 Alice's private key 43, Alice's public key 48
65 El Gamal Encryption/Decryption To send a secret value P to Alice Bob chooses random k Z p C P α k mod p, μ g k mod p C,μ sent to Alice who can compute x μ a α k mod p P Cx 1 mod p
66 Primes are Dense Recall. Total number of primes less than N is roughly N/ log(n) Total number of primes with 150 or less digits is e148 Total number of primes with 149 or less digits is e147 Total number of 150 digit primes is e148 (one in every 387 numbers) On an average we need to test about 387/4 = 97 numbers (test if it is a prime) before we hit upon a 150 digit prime
67 El Gamal Encryption/Decryption Example p=79, g=7, a=43, α=48, P=21, k=5 μ g k mod 79 α k mod 79 C P α k mod 79 Alice computes μ a mod p and mod p and P C (μ a ) mod p
68 El Gamal Signing/Verification To sign a hash M Alice chooses random k Z p μ g k mod p S (M a μ)k 1 mod p 1 Anyone can verify relationship between ( M, S,μ, α) α μ μ S g a μ g k (M a μ) k 1 g M mod p Example p=79, a=43, α=48, M =12, k=5 μ g k mod 79 k 1 47 mod p 1 S (M a μ)k 1 ( ) mod 78. α μ μ S mod p g h mod p.
69 Complexity Multiplication/Division/Square-root of n-bit number O(n 2) Modular Mutiplication: (one multiplication and one division) is also O(n 2 ) Computing exponent: Order of r (r to 2r) modular multiplications (MM), where r is the number of bits in the exponent a b mod m, where a,b,m are n-bit integers: Complexity O(n 3 ) Computing GCD (both numbers are n-bit numbers): About n steps where each step has 1-2 MMs. Complexity O(n 3 ) Computing Multiplicative Inverse: Same as GCD with exended Euclidean Algorithm. Complexity O(n 3 )
70 Complexity of El Gamal Encryption: Two exponentiations Decryption: One exponentiation, one multiplicative Inverse Signing: One exponentiation, One multiplicative Inverse Verification: Two exponentiations Key Generation : One exponentiation All have the same O(n 3 ) complexity
71 Complexity of RSA Encryption: Exponentiation with the small public exponent (3-bit exponent implies only 3-6 modular multiplications). Complexity O(n 2 ) Decryption: Exponentiation with n-bit private exponent. Complexity O(n 3 ) Signing: Exponentiation with n-bit private exponent. Complexity O(n 3 ) Verification: Exponentiation with the small public exponent. Complexity O(n 2 ) Key Generation: O(n 4). Why?
72 Primes are Dense Recall. Total number of primes less than N is roughly N/ log(n) Total number of primes with 150 or less digits is e148 Total number of primes with 149 or less digits is e147 Total number of 150 digit primes is e148 (one in every 387 numbers) On an average we need to test about 387/4 = 97 numbers (test if it is a prime) before we hit upon a 150 digit prime
73 Complexity of Finding n-bit Prime Average distance between 2 n-bit primes is O(n). So O(n) PPCs (probabilistic primality checks) to determine a prime. Most PPCs will fail soon (in one or two Fermat tests - which requires one exponentiation) The successful check will be require about 100 exponentiations Complexity of O(n) failing PPCs is O(n 4) (each failing PPC calls for 1-2 exponentiation) Passing PPC is 100*O(n 3 ) (can be ignored for large n)
74 More on Choosing Primes RSA: If modulus n is a 2000 bit number it is advisable to choose a 1001 bit and a 999 bit prime for p and q. Do not choose p and q close to each other (999 and 1001 is the farthest you can get) p-1 and and q-1 should have at least one very large factor Actually the complexity of one factorization algorithm will depend only on the size of the largest factor of p-1 or q-1 El Gamal/Diffie Hellman Choosing p close to 2 m lends itself to fast algorithms for MM. All these optimizations not possible for RSA as every one works on a different modulus m=pq
75 Primes are Dense Recall. Total number of primes less than N is roughly N/ log(n) Total number of primes with 150 or less digits is e148 Total number of primes with 149 or less digits is e147 Total number of 150 digit primes is e148 (one in every 387 numbers) On an average we need to test about 387/4 = 97 numbers (test if it is a prime) before we hit upon a 150 digit prime
76 Factorization RSA relies on the assumption that factorization is hard Brute force factorization of n = pq: Check all primes less than n. For 300 digit n (around 150 digit p and q) around 1e147 primes have to be tested - highly impractical Attacker complexity of 1e20 may be acceptable (equivalent to 64-bit symmetric cipher) Many sophisticated algorithms have been developed for factorization We will just need to increase the key lengths as sophistication of attacks improve
77 Simple Factoring Algorithms Fermat s factorization is effective if the two prime factors (p and q) are close to each other Pollards p 1 algorithm is efficient in scenarios where either p 1 or q 1 is comprised of many small factors William s p + 1 algorithm is efficient when p + 1 or q + 1 is comprised entirely of small factors Care should be taken to ensure that p and q are not close - for example choosing 148-digit q and 150 digit p Also necessary to ensure that p 1, q 1, p + 1, q + 1 do not have small factors. These requirements makes secure key generation even more complex for RSA.
78 Advanced Factoring Algorithms Dixons random squares, number field sieves All of them try to determine some special relationships If we can find two numbers x and y such that x 2 y 2 mod n and x! y mod n and x! y mod n, then we can easily factorize n Note that x 2 y 2 mod n n divides (x y)(x + y) x! y mod n n does not divide (x y) x! y mod n n does not divide (x + y) So (n, x + y) and (n, x y) should give the factors of n
79 Attacking the Discrete Log Problem Shank s Algorithm Pohlig-Helman Algorithm (works well if p 1 has no large factors) Index Calculus method Number-field seive
80 Order of a Number in Z p The order of a Zp is the minimum value r for which a r 1 mod p The maximum order is p 1. Also referred to as full order. Generators have full order. The order of any number divides p 1 As p 1 is always even at the minimum we should have 4 orders: p 1, 1, 2, and (p 1)/2 In Z11 2,6,7 and 8 have full order (p 1 = 10); 3,4,5 and 9 have order (p 1)/2 = 5; 10 has order 2; 1 has order 1;
81 Order Divides p-1 The order of 1 is always 1; order of p 1 is always 2 (irrespective of p) The number of elements with full order (the number of generators) is Φ(p 1) The number of elements with order (p 1)/d is Φ((p 1)/d)). The order of any number divides p 1
82 Schnorr Signature Scheme DSA is a variant of the Schnorr Scheme Public p, q, gq, hash function H(). Large prime p (say 1024-bits) Prime q (p 1) (say 160-bit prime) Choose gq Z p, where g q has order q. Z p will contain Φ(q) = q 1 numbers of order q Alice s private key a Zp, public key α g a q mod p.
83 Schnorr Signature To sign a message M Alice chooses a random 1 k q 1 and calculates: r = H(M. gq k) mod q s = (k + ar) mod q Signature is r. s (both r and s are 160-bit quantities) Verifier (who has α = gq a mod p) can calculate x g s q α r mod q g k+ar q g -ar q g k q mod q And verify that H(M. x) = r. Note that The signature size is small (equivalent to 2 hashes) All computations (for signing and verification) use smaller modulus q
84 Summary of Complexity O(n 2): RSA encryption/signature verification: O(n 3): RSA decryption/signing, EL Gamal encryption/signing/decryption/verification/key generation O(n 4 ): RSA key generation All of the above are very much practical though (thats why we use them). No polynomial complexity algorithms exist for factorization/solving discrete log. Increasing complexity: each step by a factor of Symmetric encryption/hashing RSA encryption/verification RSA signing, encryption, all of El Gamal RSA key generation
Modular Arithmetic (Read Sections 4.1 thro 4.4)
Modular Arithmetic (Read Sections 4.1 thro 4.4) Set of all integers Set of positive integers less than m We want to perform arithmetic in Z m Equivalence Classes Say m = 5 Z m ={0,1,2,3,... m 1} EC of
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More information1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2
Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number
More informationCongruence Classes. Number Theory Essentials. Modular Arithmetic Systems
Cryptography Introduction to Number Theory 1 Preview Integers Prime Numbers Modular Arithmetic Totient Function Euler's Theorem Fermat's Little Theorem Euclid's Algorithm 2 Introduction to Number Theory
More informationMathematical Foundations of Public-Key Cryptography
Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline
More informationPublic Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.
Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each
More informationOverview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017
CSC 580 Cryptography and Computer Security Math for Public Key Crypto, RSA, and Diffie-Hellman (Sections 2.4-2.6, 2.8, 9.2, 10.1-10.2) March 21, 2017 Overview Today: Math needed for basic public-key crypto
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 8 February 1, 2012 CPSC 467b, Lecture 8 1/42 Number Theory Needed for RSA Z n : The integers mod n Modular arithmetic GCD Relatively
More informationSlides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013
RSA Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013 Recap Recap Number theory o What is a prime number? o What is prime factorization? o What is a GCD? o What does relatively prime
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationCourse 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography
Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 14, 2013 CPSC 467b, Lecture 9 1/42 Integer Division (cont.) Relatively prime numbers, Z n, and φ(n) Computing in Z n
More informationIntroduction to Public-Key Cryptosystems:
Introduction to Public-Key Cryptosystems: Technical Underpinnings: RSA and Primality Testing Modes of Encryption for RSA Digital Signatures for RSA 1 RSA Block Encryption / Decryption and Signing Each
More informationLecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya
BBM 205 Discrete Mathematics Hacettepe University http://web.cs.hacettepe.edu.tr/ bbm205 Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya Resources: Kenneth Rosen,
More informationDiscrete Logarithm Problem
Discrete Logarithm Problem Finite Fields The finite field GF(q) exists iff q = p e for some prime p. Example: GF(9) GF(9) = {a + bi a, b Z 3, i 2 = i + 1} = {0, 1, 2, i, 1+i, 2+i, 2i, 1+2i, 2+2i} Addition:
More informationSecurity Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography
Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How
More informationPublic Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationCS 4990 / 6990 Lecture Notes Mathematical Foundations for Asymmetric Cryptography
CS 4990 / 6990 Lecture Notes Mathematical Foundations for Asymmetric Cryptography Mahalingam Ramkumar Department of Computer Science and Engineering Mississippi State University November 13, 003 1 Elementary
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 12: Introduction to Number Theory II Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline This time we ll finish the
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More information10 Public Key Cryptography : RSA
10 Public Key Cryptography : RSA 10.1 Introduction The idea behind a public-key system is that it might be possible to find a cryptosystem where it is computationally infeasible to determine d K even if
More information8.1 Principles of Public-Key Cryptosystems
Public-key cryptography is a radical departure from all that has gone before. Right up to modern times all cryptographic systems have been based on the elementary tools of substitution and permutation.
More informationCPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems
CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory
More informationLecture V : Public Key Cryptography
Lecture V : Public Key Cryptography Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Amir Rezapoor Computer Science Department, National Chiao Tung University 2 Outline Functional
More informationNumber theory (Chapter 4)
EECS 203 Spring 2016 Lecture 12 Page 1 of 8 Number theory (Chapter 4) Review Compute 6 11 mod 13 in an efficient way What is the prime factorization of 100? 138? What is gcd(100, 138)? What is lcm(100,138)?
More informationTopics in Cryptography. Lecture 5: Basic Number Theory
Topics in Cryptography Lecture 5: Basic Number Theory Benny Pinkas page 1 1 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem: generating
More informationCourse MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography
Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2000 2013 Contents 9 Introduction to Number Theory 63 9.1 Subgroups
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More informationbasics of security/cryptography
RSA Cryptography basics of security/cryptography Bob encrypts message M into ciphertext C=P(M) using a public key; Bob sends C to Alice Alice decrypts ciphertext back into M using a private key (secret)
More informationIntroduction to Modern Cryptography. Lecture RSA Public Key CryptoSystem 2. One way Trapdoor Functions
Introduction to Modern Cryptography Lecture 7 1. RSA Public Key CryptoSystem 2. One way Trapdoor Functions Diffie and Hellman (76) New Directions in Cryptography Split the Bob s secret key K to two parts:
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More informationIntroduction to Cryptography. Lecture 6
Introduction to Cryptography Lecture 6 Benny Pinkas page 1 Public Key Encryption page 2 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem:
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 14 October 23, 2017 CPSC 467, Lecture 14 1/42 Computing in Z n Modular multiplication Modular inverses Extended Euclidean algorithm
More informationNumber Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers
Number Theory: Applications Number Theory Applications Computer Science & Engineering 235: Discrete Mathematics Christopher M. Bourke cbourke@cse.unl.edu Results from Number Theory have many applications
More informationECE596C: Handout #11
ECE596C: Handout #11 Public Key Cryptosystems Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract In this lecture we introduce necessary mathematical background for studying
More information1 The Fundamental Theorem of Arithmetic. A positive integer N has a unique prime power decomposition. Primality Testing. and. Integer Factorisation
1 The Fundamental Theorem of Arithmetic A positive integer N has a unique prime power decomposition 2 Primality Testing Integer Factorisation (Gauss 1801, but probably known to Euclid) The Computational
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More informationLecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography
Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies
More informationOutline. Available public-key technologies. Diffie-Hellman protocol Digital Signature. Elliptic curves and the discrete logarithm problem
Outline Public-key cryptography A collection of hard problems Mathematical Background Trapdoor Knapsack Integer factorization Problem Discrete logarithm problem revisited Case of Study: The Sun NFS Cryptosystem
More informationRSA. Ramki Thurimella
RSA Ramki Thurimella Public-Key Cryptography Symmetric cryptography: same key is used for encryption and decryption. Asymmetric cryptography: different keys used for encryption and decryption. Public-Key
More informationMATH 158 FINAL EXAM 20 DECEMBER 2016
MATH 158 FINAL EXAM 20 DECEMBER 2016 Name : The exam is double-sided. Make sure to read both sides of each page. The time limit is three hours. No calculators are permitted. You are permitted one page
More informationIntroduction to Cryptography. Lecture 8
Introduction to Cryptography Lecture 8 Benny Pinkas page 1 1 Groups we will use Multiplication modulo a prime number p (G, ) = ({1,2,,p-1}, ) E.g., Z 7* = ( {1,2,3,4,5,6}, ) Z p * Z N * Multiplication
More informationPublic Key Encryption
Public Key Encryption KG October 17, 2017 Contents 1 Introduction 1 2 Public Key Encryption 2 3 Schemes Based on Diffie-Hellman 3 3.1 ElGamal.................................... 5 4 RSA 7 4.1 Preliminaries.................................
More informationAddition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?
Ch - Algorithms with numbers Addition Basic arithmetic Addition ultiplication Division odular arithmetic factoring is hard Primality testing 53+35=88 Cost? (n number of bits) O(n) ultiplication al-khwārizmī
More informationCryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups
Great Theoretical Ideas in CS V. Adamchik CS 15-251 Upcoming Interview? Lecture 24 Carnegie Mellon University Cryptography and RSA How the World's Smartest Company Selects the Most Creative Thinkers Groups
More informationNumber Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.
CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L06, Steve/Courses/2011/S2/CSS322/Lectures/number.tex,
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More informationAlgorithmic Number Theory and Public-key Cryptography
Algorithmic Number Theory and Public-key Cryptography Course 3 University of Luxembourg March 22, 2018 The RSA algorithm The RSA algorithm is the most widely-used public-key encryption algorithm Invented
More informationPublic Key Cryptography
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt
More informationCryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1
Cryptography CS 555 Topic 18: RSA Implementation and Security Topic 18 1 Outline and Readings Outline RSA implementation issues Factoring large numbers Knowing (e,d) enables factoring Prime testing Readings:
More informationPrivate Key Cryptography. Fermat s Little Theorem. One Time Pads. Public Key Cryptography
Fermat s Little Theorem Private Key Cryptography Theorem 11 (Fermat s Little Theorem): (a) If p prime and gcd(p, a) = 1, then a p 1 1 (mod p). (b) For all a Z, a p a (mod p). Proof. Let A = {1, 2,...,
More informationCryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg
Course 1: Remainder: RSA Université du Luxembourg September 21, 2010 Public-key encryption Public-key encryption: two keys. One key is made public and used to encrypt. The other key is kept private and
More informationElementary Number Theory MARUCO. Summer, 2018
Elementary Number Theory MARUCO Summer, 2018 Problem Set #0 axiom, theorem, proof, Z, N. Axioms Make a list of axioms for the integers. Does your list adequately describe them? Can you make this list as
More informationTECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 30 October 2018
Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 30 October 2018 Name : TU/e student number : Exercise 1 2 3 4 5 total points Notes: Please hand in all sheets at the end of the exam.
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationDiscrete Mathematics GCD, LCM, RSA Algorithm
Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 6, 2012 CPSC 467b, Lecture 9 1/53 Euler s Theorem Generating RSA Modulus Finding primes by guess and check Density of
More informationNetwork Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30
Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) LIU Zhen Due Date: March 30 Questions: 1. RSA (20 Points) Assume that we use RSA with the prime numbers p = 17 and q = 23. (a) Calculate
More informationDiscrete mathematics I - Number theory
Discrete mathematics I - Number theory Emil Vatai (based on hungarian slides by László Mérai) 1 January 31, 2018 1 Financed from the financial support ELTE won from the Higher Education
More informationNumber Theory. Modular Arithmetic
Number Theory The branch of mathematics that is important in IT security especially in cryptography. Deals only in integer numbers and the process can be done in a very fast manner. Modular Arithmetic
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More informationTi Secured communications
Ti5318800 Secured communications Pekka Jäppinen September 20, 2007 Pekka Jäppinen, Lappeenranta University of Technology: September 20, 2007 Relies on use of two keys: Public and private Sometimes called
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationChapter 4 Public Key Cryptology - Part I
Chapter 4 Public Key Cryptology - Part I February 15, 2010 4 The concept of public key cryptology (PKC) emerged in the early 1970 s in the British Government s communications center CESG, Cheltenham. (See
More informationNotes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I
Number Theory: Applications Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry Fall 2007 Computer Science & Engineering 235 Introduction to Discrete Mathematics Sections 3.4 3.7 of Rosen cse235@cse.unl.edu
More informationCIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography 1 Review of Modular Arithmetic 2 Remainders and Congruency For any integer a and any positive
More informationTECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Friday 25 January 2019
Faculty of Mathematics and Computer Science Exam Cryptology, Friday 25 January 2019 Name : TU/e student number : Exercise 1 2 3 4 5 total points Notes: Please hand in all sheets at the end of the exam.
More informationMa/CS 6a Class 4: Primality Testing
Ma/CS 6a Class 4: Primality Testing By Adam Sheffer Reminder: Euler s Totient Function Euler s totient φ(n) is defined as follows: Given n N, then φ n = x 1 x < n and GCD x, n = 1. In more words: φ n is
More informationTheme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS
1 C Theme : Cryptography Instructor : Prof. C Pandu Rangan Speaker : Arun Moorthy 93115 CS 2 RSA Cryptosystem Outline of the Talk! Introduction to RSA! Working of the RSA system and associated terminology!
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationOWO Lecture: Modular Arithmetic with Algorithmic Applications
OWO Lecture: Modular Arithmetic with Algorithmic Applications Martin Otto Winter Term 2008/09 Contents 1 Basic ingredients 1 2 Modular arithmetic 2 2.1 Going in circles.......................... 2 2.2
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationNumber Theory and Group Theoryfor Public-Key Cryptography
Number Theory and Group Theory for Public-Key Cryptography TDA352, DIT250 Wissam Aoudi Chalmers University of Technology November 21, 2017 Wissam Aoudi Number Theory and Group Theoryfor Public-Key Cryptography
More informationSecurity II: Cryptography exercises
Security II: Cryptography exercises Markus Kuhn Lent 2015 Part II Some of the exercises require the implementation of short programs. The model answers use Perl (see Part IB Unix Tools course), but you
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols nichols@math.umass.edu University of Massachusetts Oct. 14, 2015 Cryptography basics Cryptography is the study of secure communications. Here are
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationIntroduction. will now introduce finite fields of increasing importance in cryptography. AES, Elliptic Curve, IDEA, Public Key
Introduction will now introduce finite fields of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public Key concern operations on numbers where what constitutes a number and the type of
More informationNumber Theory & Modern Cryptography
Number Theory & Modern Cryptography Week 12 Stallings: Ch 4, 8, 9, 10 CNT-4403: 2.April.2015 1 Introduction Increasing importance in cryptography Public Key Crypto and Signatures Concern operations on
More informationLECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS
LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS Modular arithmetics that we have discussed in the previous lectures is very useful in Cryptography and Computer Science. Here we discuss several
More informationNumbers. Çetin Kaya Koç Winter / 18
Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 1 / 18 Number Systems and Sets We represent the set of integers as Z = {..., 3, 2, 1,0,1,2,3,...} We denote the set of positive integers modulo n as
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationb = 10 a, is the logarithm of b to the base 10. Changing the base to e we obtain natural logarithms, so a = ln b means that b = e a.
INTRODUCTION TO CRYPTOGRAPHY 5. Discrete Logarithms Recall the classical logarithm for real numbers: If we write b = 10 a, then a = log 10 b is the logarithm of b to the base 10. Changing the base to e
More informationCHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 11 April 2017, 8:30-12:30
CHALMERS GÖTEBORGS UNIVERSITET CRYPTOGRAPHY TDA35 (Chalmers) - DIT50 (GU) 11 April 017, 8:30-1:30 No extra material is allowed during the exam except for pens and a simple calculator (not smartphones).
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #9 Sep 22 nd 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Midterm #1, next class (Tues, Sept 27 th ) All lecture materials and readings
More informationLecture 3.1: Public Key Cryptography I
Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena Today s Informative/Fun Bit Acoustic Emanations http://www.google.com/search?source=ig&hl=en&rlz=&q=keyboard+acoustic+em
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationCS March 17, 2009
Discrete Mathematics CS 2610 March 17, 2009 Number Theory Elementary number theory, concerned with numbers, usually integers and their properties or rational numbers mainly divisibility among integers
More informationCPSC 467b: Cryptography and Computer Security
Outline Quadratic residues Useful tests Digital Signatures CPSC 467b: Cryptography and Computer Security Lecture 14 Michael J. Fischer Department of Computer Science Yale University March 1, 2010 Michael
More informationPractice Assignment 2 Discussion 24/02/ /02/2018
German University in Cairo Faculty of MET (CSEN 1001 Computer and Network Security Course) Dr. Amr El Mougy 1 RSA 1.1 RSA Encryption Practice Assignment 2 Discussion 24/02/2018-29/02/2018 Perform encryption
More informationPublic Key Algorithms
1 Public Key Algorithms ffl hash: irreversible transformation(message) ffl secret key: reversible transformation(block) encryption digital signatures authentication RSA yes yes yes El Gamal no yes no Zero-knowledge
More informationPart IA Numbers and Sets
Part IA Numbers and Sets Theorems Based on lectures by A. G. Thomason Notes taken by Dexter Chua Michaelmas 2014 These notes are not endorsed by the lecturers, and I have modified them (often significantly)
More informationBasic elements of number theory
Cryptography Basic elements of number theory Marius Zimand By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a k for some integer k. Notation
More information