AN INTRODUCTION TO THE UNDERLYING COMPUTATIONAL PROBLEM OF THE ELGAMAL CRYPTOSYSTEM
|
|
- Diana James
- 6 years ago
- Views:
Transcription
1 AN INTRODUCTION TO THE UNDERLYING COMPUTATIONAL PROBLEM OF THE ELGAMAL CRYPTOSYSTEM VORA,VRUSHANK APPRENTICE PROGRAM Abstract. This paper will analyze the strengths and weaknesses of the underlying computational problems of the ElGamal Cryptosystem. By investigating the infeasibility involved in solving such mathematical problems and the possible algorithm that could break the cryptosystem, the paper will comment upon the security of the system and its correct application. While we will briefly focus on systematic cryptosystems, the main focus of this paper will be on the ElGamal Cryptosystem and the Discrete Logarithm Problem. Contents 1. Introduction 1 2. Systematic Cryptosystems and the Rise of Public-Key Cryptosystems 2 3. Introduction to Public-Key Encryption 3 4. ElGamal Cryptosystem and the Discrete Logarithm Problem 3 5. Baby Step - Giant Step Algorithm 4 6. Security Measures Against the Baby Step-Giant Step Algorithm 5 7. Conclusion and Applications 6 Acknowledgments 6 References 7 1. Introduction Let us first consider two parties, Harry and Ron, who wish to exchange covert information with each other. They could communicate through different channels such as letters, text messaging, , etc.; however, regardless of the medium, they face a third party, Voldemort, who wishes to obtain the secret information between Harry and Ron. Since all communication channels are insecure, Harry and Ron must use other means to communicate safely. The objective of cryptography is to provide this secure mode of exchange. Using cryptography, Harry can convert the original message (plaintext) into seemingly indecipherable language (ciphertext) and send this ciphertext to Ron. This would thus allow the exchanges between Harry and Ron to be more secure across all channels depending on the strength of the underlying encryption. In the following pages, we will discuss the security of different encryption methods and their overall efficiency. Date: DEADLINE August 26,
2 2 VORA,VRUSHANK APPRENTICE PROGRAM 2. Systematic Cryptosystems and the Rise of Public-Key Cryptosystems Definition 2.1. Let n be an integer. Then two integers a and b are said to be congruent modulo n if and only if n divides a b. Denote the congruence by: a b (mod n) Notation: Z/26Z = {the ring of integers modulo 26} Definition 2.2. (Shift Ciphers) Consider plaintext x and choose a number n from Z/26Z which will serve as the encryption key. Encryption will be: x x+ n (mod 26) Example 2.3. Let the plaintext be vrush then x = and choose n = 5 then x = A W Z X M. Here, n = 5 was the encryption key and A W Z X M was the encryption of the plaintext vrush. Next, we will consider more complex systematic ciphers. Definition 2.4. (Affine Ciphers) Consider plaintext x and choose a and n from Z/26Z which will serve as the encryption key. Encryption will be: x ax+ n (mod 26) Example 2.5. Let the plaintext be vrush then x = and choose a = 5 and n = 1 then x = C I U N H. 5x +1 (mod 26) was the encryption key while the C I U N H serves as the encryption. Proposition 2.6. Two letters of plaintext will usually suffice to break any Affine Cipher. Proof. With out loss of generality, let us assume that Voldemort knows that he NO, i.e, From this, Voldemort attains: 13 = 7a + n 14 = 4a + n = 1 = 3a = a = 9 17 mod (26) and n = 24. Thus, the encryption key is fully known to the third party intruder and the cipher is subsequently broken. The previous example illustrates the relative ease in solving the underlying computational problems involved in Shift and Affine ciphers. While one can employ more complicated iterations such as applying matrices to encryption keys and representing the message as a vector, such encryptions are nevertheless susceptible to Brute-Force-Attacks, methodical checking of all possible keys by the intruder. In addition to systematic cryptosystems being relatively insecure, any two individuals wishing to communicate securely must directly contact each other to agree upon the encryption key. These systems are not only insecure, but they are also impractical for many applications: if large organizations such as banks, social networking sites, online retail stores, etc. would like to communicate with all of their clients, then using systematic cryptosystems would require them to contact their clients individually. For these reasons, systematic cryptosystems are relatively laborious and obsolete. We will hence discuss more modern systems: public-key encryption.
3 AN INTRODUCTION TO THE UNDERLYING COMPUTATIONAL PROBLEM OF THE ELGAMAL CRYPTOSYSTEM3 3. Introduction to Public-Key Encryption Public-Key cryptosystems allow large organizations to communicate safely with many individuals by using asymmetric encryption. Asymmetric encryption encompasses two corresponding keys: public and private. The two keys work congruently as the ciphertext encrypted by a public key can only be decrypted by the corresponding private key. Thus, multiple individuals with the same public key can send messages to an organization that holds the private key, while preserving the security of the system. This paper will discuss one of the most prominent modern public-key cryptosystems: the ElGamal Cryptosystem. 4. ElGamal Cryptosystem and the Discrete Logarithm Problem The ElGamal Cryptosystem is a public-key cryptosystem derived from the infeasibility of solving the discrete logarithm problem for very large finite fields. This section will explore the cryptosystem s key generation algorithm, encryption, and decryption methods. Definition 4.1. Order of the finite field, F p, is the number of elements in the field. It is denoted by the subscript p. Definition 4.2. Multiplicative order of an element x in F p is the number of different elements which can be obtained by raising x to all powers mod(p).it is denoted by ord(x). Definition 4.3. Multiplicative generator of F p is an element y in the finite field such that ord(y) = p 1 ElGamal encryption system uses finite fields to create ciphertexts. By choosing p such that it is prime, we will always be able to construct a finite field with p n elements. The choice of prime-numbered fields thus facilitates encryptions more efficiently than the choice of finite fields with non-prime number of elements. Definition 4.4. (Discrete Logarithms) Let F p be the finite field with p elements and let y be a generator of F p. Then for all x F p can be written as x = y a and we define a = L y (x) L y (x) is the discrete logarithm of x to the base y. It is only defined p-1 because y p 1 = 1. Example 4.5. Let us consider F 17 where y=3 is a generator F 17. We ll find: L 3 (15) =? We will compute the different powers of 3 until we can attain 15: 3 1 = 3 ; 3 2 = 9 ; 3 3 = 10 ; 3 4 = 13 ; 3 5 = 5; 3 6 = 15 hence; L 3 (15) = 6 Application of discrete logarithm in cryptosystems derives from the computational difficulty of finding a = L y (x). Since we are applying modular arithmetic over the finite field, it is more difficult to compute the discrete logarithm than it would be in the real number system. In the real numbers, it would be simple to use the log function to get an approximation for a. Working in a prime numbered
4 4 VORA,VRUSHANK APPRENTICE PROGRAM field, however, forces us to find an exact integer solution. Though, if p is small, the answer can be found relatively quickly by trying all possibilities, i.e., a Brute-Force Attack. For this reason we must use high-order fields since there is no fast way of computing the discrete logarithm over a large field. Key Generation Algorithm: Let s first consider Harry who wants to communicate with Ron and Hermonie covertly. If he wants to use the ElGamal System, he should do the following: 1.) Create a finite field F p and a generator y of F p 2.) Choose an integer a and compute x = y a the Discrete Logarithm 3.) The triple (F p, y, x) will become public, but the discrete logarithm, L y (x) = a is only known to Harry. Encryption: If Ron wants to encrypt a message to Harry, then Ron should do the following: 1.) Represent the message in terms of an integer m, such that m {0, 1,..., p 1} 2.) Choose a random integer k, such that 1 k p ) Then compute r = y k and t = mx k such that r,t {0, 1,..., p 1} The Ciphertext c = (r,t) should be sent to Harry Decryption: In order to recover message, m, from the ciphertext, c, Harry should do the following: 1.) Use the private key a to compute r p 1 a mod(p) 2.) Recover the m by deriving tr a Proposition 4.6. ElGamal s encryption returns the original plaintext message when given a correctly calculated ciphertext. Proof. Let c = (r, t) then r = y k and t = mx k where x = y a. Deriving tr a attains the following: tr a = mx k (y k ) a = m(g a ) k (g k ) a = m Thus, we are guaranteed to attain the plaintext if the ciphertext is correctly computed in the ElGamal encryption. Example 4.7. Let the public ElGamal Cryptosystem, (F p, y, x) = (F 23,7, 4). Assume the encrypted pair (r,t) = (21, 11). Then using what we know about discrete logarithms, we can calculate value of the discrete logarithm and the message m: a = L 7 (4) = 6 m = 21 6 (11) = 7 5. Baby Step - Giant Step Algorithm We will next explore a possible attack against this sytem. An attacker can learn information about the plaintext without decrypting the ciphertext: given two encryptions the attacker can figure out which plaintext was a quadratic residue and one was not. This is the fundamental premise of the Baby Step-Giant Step attack, which encompasses a series of well-defined steps to compute the discrete logarithm of the underlying ElGamal system. Definition 5.1. (Baby Step - GiantStep Algorithm) Assume there exists a discrete logarithm, x = y a in F p that we want to solve. Let N = p 1 + 1
5 AN INTRODUCTION TO THE UNDERLYING COMPUTATIONAL PROBLEM OF THE ELGAMAL CRYPTOSYSTEM5 Final step in the algorithm consists of making two lists and looking for a match: Baby Step: y 0, y 1, y 2,..., y N 1 Giant Step: x, xy N, xy 2N,..., xy (N 1)N Proposition 5.2. If we find that there exists a match between the Baby Step and Giant Step lists, then the ElGamal System is broken. Proof. Assume there is a match between the two lists, y j = xy kn y j+kn = x and since y a = x Thus, y a = y j+kn = x Since j, k, and N are public, the discrete logarithm problem is solved and the underlying ElGamal cryptosystem is broken. Theorem 5.3. Using the Baby Step-Giant Step algorithm, there will always be a match between the two lists. Proof. Recall that N = p Note by this definition: and therefore a can be written as: This thus leads to: hence; 0 a < p 1 N 2 a = a 0 + a 1 N where a 0, a 1 N 1. x = y a = y a0 (y a1 ) N y a0 = b(y a1 ) N. This shows that we have a match between the Baby Step and the Giant Step lists. Remark 5.4. The Bay Step-Giant Step Algorithm roughly needs 2 p in order to calculate the discrete logarithm. 6. Security Measures Against the Baby Step-Giant Step Algorithm The previous theorem and remark illustrate that the underlying discrete logarithm of an ElGamal Cryptosystem can be computed using the Baby Step-Giant Step Algorithm. While it is possible to solve the underlying discrete logarithm, it nevertheless requires 2 p calculations for any given finite prime ordered field. Thus, in order to make the cryptosystem probabilistically secure, one must choose a large enough field and a high order generator. It becomes impractical to break the ElGamal system with the Baby Step-Giant Step Algorithm for a prime numbered field larger than This section will analyze other possible and practical ways to make the ElGamal Cryptosystem more secure against the Bab Step-Giant Step Attack. We will first introduce the computational diffie-hellman problem and show how its computational difficulty affects the underlying discrete logarithm.
6 6 VORA,VRUSHANK APPRENTICE PROGRAM Definition 6.1. (Diffie-Hellman Problem) Let F p be the finite field with p elements and let y be a generator of F p. Then for given values y b, y c in F p, finding y bc is the computational diffie-hellman problem. While the ElGamal system relies on the discrete logarithm problem, the security of the cryptosystem is very entrenched in difficulty of solving the underlying diffiehellman problem. The following theorem proves that if the underlying diffie-hellman problem is weak then its discrete logarithm is easily breakable. Theorem 6.2. The ElGamal cryptosystem is breakable if and only if the underlying computational diffie-hellman problem is breakable. Proof. Let us first assume that we have the algorithm that breaks the underlying Diffie-Hellman Problem: Thus, we know the value of y bc from the values of y b and y c. Take as input y b = a and y c = r, where a and r are the quantities of the underlying discrete logarithm and the ElGamal system. As y x = a and y k = r, the algorithm will compute y bc = y xk. Since, m = tr a = tg ak and we find m and the system is broken. Next, let us assume that the we have the algorithm that breaks the underlying Discrete Logarithm Problem: Therefore, we know that m = tr a from a given pair (r,t) associated with the triple (F p, y, x). We thus take as input a = y x, so b = x and r = y c, so t = 1. The algorithm thus produces m = tr a = y bc. This provides us with the value of the underlying diffie-hellman problem. The theorem thus implies that the diffie-hellman problem must be secure in order for the ElGamal Encryption based upon the discrete logarithm problem to be secure. For the protection of the ElGamal system, the organization using the cryptosystem must check for the security of the diffie-hellman problem as it serves as a necessary means to secure the ElGamal cryptosystem against the Baby Step- Giant Step Algorithm. 7. Conclusion and Applications Since the ElGamal encryption is prone to attacks such as the Baby Step-Giant Step, users of this cryptosystem must take proper precautions to strengthen the underlying discrete logarithm problem such that it becomes probabilistically infeasible to break the system. The users should use a large (possibly greater than elements) prime numbered finite field with a high-order generator and check for the computational difficulty of the respective diffie-hellman problem. ElGamal cryptosystem likewise allows for individuals using the encryption to remain anonymous in one way or another. Thus, this system can be very useful in conducting online voting ballots or any other transactions in which the recipients wish to hide their identities. Acknowledgments. It is a pleasure to thank my mentor, Preston Wake for all his guidance and knowledge on the subject of the paper. I would also like to thank Peter May and the REU Professors providing this opportunity and sharing their Mathematical knowledge with me.
7 AN INTRODUCTION TO THE UNDERLYING COMPUTATIONAL PROBLEM OF THE ELGAMAL CRYPTOSYSTEM7 References [1] Helgeson, Melissa. Security and Application of ElGamal s Encryption Algorithm. University of Minnesota, Morris. 04 May Web. 16 Aug [2] Kolster, Michael. Introduction to Cryptography [3] Menezes, A. J., Oorschot Paul C. Van, and Scott A. Vanstone. Handbook of Applied Cryptography. Boca Raton: CRC, 1997
CRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 33 The Diffie-Hellman Problem
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationLecture 7: ElGamal and Discrete Logarithms
Lecture 7: ElGamal and Discrete Logarithms Johan Håstad, transcribed by Johan Linde 2006-02-07 1 The discrete logarithm problem Recall that a generator g of a group G is an element of order n such that
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More informationMATH 158 FINAL EXAM 20 DECEMBER 2016
MATH 158 FINAL EXAM 20 DECEMBER 2016 Name : The exam is double-sided. Make sure to read both sides of each page. The time limit is three hours. No calculators are permitted. You are permitted one page
More informationAn Introduction to Probabilistic Encryption
Osječki matematički list 6(2006), 37 44 37 An Introduction to Probabilistic Encryption Georg J. Fuchsbauer Abstract. An introduction to probabilistic encryption is given, presenting the first probabilistic
More informationb = 10 a, is the logarithm of b to the base 10. Changing the base to e we obtain natural logarithms, so a = ln b means that b = e a.
INTRODUCTION TO CRYPTOGRAPHY 5. Discrete Logarithms Recall the classical logarithm for real numbers: If we write b = 10 a, then a = log 10 b is the logarithm of b to the base 10. Changing the base to e
More informationNotes for Lecture 17
U.C. Berkeley CS276: Cryptography Handout N17 Luca Trevisan March 17, 2009 Notes for Lecture 17 Scribed by Matt Finifter, posted April 8, 2009 Summary Today we begin to talk about public-key cryptography,
More informationRSA ENCRYPTION USING THREE MERSENNE PRIMES
Int. J. Chem. Sci.: 14(4), 2016, 2273-2278 ISSN 0972-768X www.sadgurupublications.com RSA ENCRYPTION USING THREE MERSENNE PRIMES Ch. J. L. PADMAJA a*, V. S. BHAGAVAN a and B. SRINIVAS b a Department of
More informationCandidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.
UNIVERSITY OF EAST ANGLIA School of Mathematics May/June UG Examination 2010 2011 CRYPTOGRAPHY Time allowed: 2 hours Attempt THREE questions. Candidates must show on each answer book the type of calculator
More informationCPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems
CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory
More informationCryptography. P. Danziger. Transmit...Bob...
10.4 Cryptography P. Danziger 1 Cipher Schemes A cryptographic scheme is an example of a code. The special requirement is that the encoded message be difficult to retrieve without some special piece of
More informationIntroduction to Cryptography. Lecture 8
Introduction to Cryptography Lecture 8 Benny Pinkas page 1 1 Groups we will use Multiplication modulo a prime number p (G, ) = ({1,2,,p-1}, ) E.g., Z 7* = ( {1,2,3,4,5,6}, ) Z p * Z N * Multiplication
More informationRSA RSA public key cryptosystem
RSA 1 RSA As we have seen, the security of most cipher systems rests on the users keeping secret a special key, for anyone possessing the key can encrypt and/or decrypt the messages sent between them.
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More informationSecurity Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography
Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationCryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages
Cryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages MEI-NA WANG Institute for Information Industry Networks and Multimedia Institute TAIWAN, R.O.C. myrawang@iii.org.tw SUNG-MING
More informationL7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015
L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm
More informationQuestion: Total Points: Score:
University of California, Irvine COMPSCI 134: Elements of Cryptography and Computer and Network Security Midterm Exam (Fall 2016) Duration: 90 minutes November 2, 2016, 7pm-8:30pm Name (First, Last): Please
More information8.1 Principles of Public-Key Cryptosystems
Public-key cryptography is a radical departure from all that has gone before. Right up to modern times all cryptographic systems have been based on the elementary tools of substitution and permutation.
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA: Review and Properties Factoring Algorithms Trapdoor One Way Functions PKC Based on Discrete Logs (Elgamal) Signature Schemes Lecture 8 Tel-Aviv University
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols University of Massachusetts Amherst nichols@math.umass.edu WINRS Research Symposium Brown University March 4, 2017 Cryptography basics Cryptography
More information10 Public Key Cryptography : RSA
10 Public Key Cryptography : RSA 10.1 Introduction The idea behind a public-key system is that it might be possible to find a cryptosystem where it is computationally infeasible to determine d K even if
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More information10 Modular Arithmetic and Cryptography
10 Modular Arithmetic and Cryptography 10.1 Encryption and Decryption Encryption is used to send messages secretly. The sender has a message or plaintext. Encryption by the sender takes the plaintext and
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationElliptic curves: Theory and Applications. Day 4: The discrete logarithm problem.
Elliptic curves: Theory and Applications. Day 4: The discrete logarithm problem. Elisa Lorenzo García Université de Rennes 1 14-09-2017 Elisa Lorenzo García (Rennes 1) Elliptic Curves 4 14-09-2017 1 /
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 3 January 22, 2013 CPSC 467b, Lecture 3 1/35 Perfect secrecy Caesar cipher Loss of perfection Classical ciphers One-time pad Affine
More information8 Elliptic Curve Cryptography
8 Elliptic Curve Cryptography 8.1 Elliptic Curves over a Finite Field For the purposes of cryptography, we want to consider an elliptic curve defined over a finite field F p = Z/pZ for p a prime. Given
More informationOne can use elliptic curves to factor integers, although probably not RSA moduli.
Elliptic Curves Elliptic curves are groups created by defining a binary operation (addition) on the points of the graph of certain polynomial equations in two variables. These groups have several properties
More informationSlides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013
RSA Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013 Recap Recap Number theory o What is a prime number? o What is prime factorization? o What is a GCD? o What does relatively prime
More informationElliptic Curves. Giulia Mauri. Politecnico di Milano website:
Elliptic Curves Giulia Mauri Politecnico di Milano email: giulia.mauri@polimi.it website: http://home.deib.polimi.it/gmauri May 13, 2015 Giulia Mauri (DEIB) Exercises May 13, 2015 1 / 34 Overview 1 Elliptic
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationTi Secured communications
Ti5318800 Secured communications Pekka Jäppinen September 20, 2007 Pekka Jäppinen, Lappeenranta University of Technology: September 20, 2007 Relies on use of two keys: Public and private Sometimes called
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationPolynomial Interpolation in the Elliptic Curve Cryptosystem
Journal of Mathematics and Statistics 7 (4): 326-331, 2011 ISSN 1549-3644 2011 Science Publications Polynomial Interpolation in the Elliptic Curve Cryptosystem Liew Khang Jie and Hailiza Kamarulhaili School
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 10-1 Overview 1. How to exchange
More informationLecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography
Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer 1 Lecture 13 October 16, 2017 (notes revised 10/23/17) 1 Derived from lecture notes by Ewa Syta. CPSC 467, Lecture 13 1/57 Elliptic Curves
More informationChapter 4 Asymmetric Cryptography
Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman [NetSec/SysSec], WS 2008/2009 4.1 Asymmetric Cryptography General idea: Use two different keys -K and +K for
More informationPublic Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationWeek 7 An Application to Cryptography
SECTION 9. EULER S GENERALIZATION OF FERMAT S THEOREM 55 Week 7 An Application to Cryptography Cryptography the study of the design and analysis of mathematical techniques that ensure secure communications
More informationAsymmetric Cryptography
Asymmetric Cryptography Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman General idea: Use two different keys -K and +K for encryption and decryption Given a
More informationPublic Key Encryption
Public Key Encryption KG October 17, 2017 Contents 1 Introduction 1 2 Public Key Encryption 2 3 Schemes Based on Diffie-Hellman 3 3.1 ElGamal.................................... 5 4 RSA 7 4.1 Preliminaries.................................
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 13 March 3, 2013 CPSC 467b, Lecture 13 1/52 Elliptic Curves Basics Elliptic Curve Cryptography CPSC
More informationThe Elliptic Curve in https
The Elliptic Curve in https Marco Streng Universiteit Leiden 25 November 2014 Marco Streng (Universiteit Leiden) The Elliptic Curve in https 25-11-2014 1 The s in https:// HyperText Transfer Protocol
More informationLecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security
Lecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security Boaz Barak November 21, 2007 Cyclic groups and discrete log A group G is cyclic if there exists a generator
More informationTHE RSA CRYPTOSYSTEM
THE RSA CRYPTOSYSTEM SILVIA ROBLES Abstract. This paper explores the history and mathematics behind the RSA cryptosystem, including the idea of public key cryptosystems and number theory. It outlines the
More informationMath 430 Midterm II Review Packet Spring 2018 SOLUTIONS TO PRACTICE PROBLEMS
Math 40 Midterm II Review Packet Spring 2018 SOLUTIONS TO PRACTICE PROBLEMS WARNING: Remember, it s best to rely as little as possible on my solutions. Therefore, I urge you to try the problems on your
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationHans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009. References. References
Hans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009 Die Unterlagen sind ausschliesslich zum persoenlichen Gebrauch der Vorlesungshoerer bestimmt. Die Herstellung von elektronischen
More informationElliptic Curve Cryptography
Elliptic Curve Cryptography Elliptic Curves An elliptic curve is a cubic equation of the form: y + axy + by = x 3 + cx + dx + e where a, b, c, d and e are real numbers. A special addition operation is
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationReview. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm
Review CS311H: Discrete Mathematics Number Theory Instructor: Işıl Dillig What does it mean for two ints a, b to be congruent mod m? What is the Division theorem? If a b and a c, does it mean b c? What
More informationarxiv: v3 [cs.cr] 15 Jun 2017
Use of Signed Permutations in Cryptography arxiv:1612.05605v3 [cs.cr] 15 Jun 2017 Iharantsoa Vero RAHARINIRINA ihvero@yahoo.fr Department of Mathematics and computer science, Faculty of Sciences, BP 906
More informationClassical Cryptography
Classical Cryptography CSG 252 Fall 2006 Riccardo Pucella Goals of Cryptography Alice wants to send message X to Bob Oscar is on the wire, listening to communications Alice and Bob share a key K Alice
More informationCryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev
Cryptography Lecture 2: Perfect Secrecy and its Limitations Gil Segev Last Week Symmetric-key encryption (KeyGen, Enc, Dec) Historical ciphers that are completely broken The basic principles of modern
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols nichols@math.umass.edu University of Massachusetts Oct. 14, 2015 Cryptography basics Cryptography is the study of secure communications. Here are
More informationPractice Assignment 2 Discussion 24/02/ /02/2018
German University in Cairo Faculty of MET (CSEN 1001 Computer and Network Security Course) Dr. Amr El Mougy 1 RSA 1.1 RSA Encryption Practice Assignment 2 Discussion 24/02/2018-29/02/2018 Perform encryption
More informationSuppose F is a field and a1,..., a6 F. Definition 1. An elliptic curve E over a field F is a curve given by an equation:
Elliptic Curve Cryptography Jim Royer CIS 428/628: Introduction to Cryptography November 6, 2018 Suppose F is a field and a 1,..., a 6 F. Definition 1. An elliptic curve E over a field F is a curve given
More informationFinal Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.
Final Exam Math 10: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 0 April 2002 :0 11:00 a.m. Instructions: Please be as neat as possible (use a pencil), and show
More information1 What are Physical Attacks. 2 Physical Attacks on RSA. Today:
Today: Introduction to the class. Examples of concrete physical attacks on RSA A computational approach to cryptography Pseudorandomness 1 What are Physical Attacks Tampering/Leakage attacks Issue of how
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationLecture 28: Public-key Cryptography. Public-key Cryptography
Lecture 28: Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies on the fact that the adversary does not have access
More informationLecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004
CMSC 858K Advanced Topics in Cryptography February 5, 2004 Lecturer: Jonathan Katz Lecture 4 Scribe(s): Chiu Yuen Koo Nikolai Yakovenko Jeffrey Blank 1 Summary The focus of this lecture is efficient public-key
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationPublic-Key Encryption: ElGamal, RSA, Rabin
Public-Key Encryption: ElGamal, RSA, Rabin Introduction to Modern Cryptography Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 Public-Key Encryption Syntax Encryption algorithm: E. Decryption
More informationBreaking Plain ElGamal and Plain RSA Encryption
Breaking Plain ElGamal and Plain RSA Encryption (Extended Abstract) Dan Boneh Antoine Joux Phong Nguyen dabo@cs.stanford.edu joux@ens.fr pnguyen@ens.fr Abstract We present a simple attack on both plain
More informationLECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS
LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS Modular arithmetics that we have discussed in the previous lectures is very useful in Cryptography and Computer Science. Here we discuss several
More informationNumber Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers
Number Theory: Applications Number Theory Applications Computer Science & Engineering 235: Discrete Mathematics Christopher M. Bourke cbourke@cse.unl.edu Results from Number Theory have many applications
More informationJoseph Fadyn Kennesaw State University 1100 South Marietta Parkway Marietta, Georgia
ELLIPTIC CURVE CRYPTOGRAPHY USING MAPLE Joseph Fadyn Kennesaw State University 1100 South Marietta Parkway Marietta, Georgia 30060 jfadyn@spsu.edu An elliptic curve is one of the form: y 2 = x 3 + ax +
More informationFinal Report. Cryptography and Number Theory Boot Camp NSF-REU. Summer 2017
Final Report Cryptography and Number Theory Boot Camp NSF-REU Angel Agüero Mahmoud El-Kishky Dietrich Jenkins Catherine Marin King Asa Linson Enrique Salcido Kaitlin Tademy Summer 2017 Abstract In this
More informationCS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky. Lecture 7
CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky Lecture 7 Lecture date: Monday, 28 February, 2005 Scribe: M.Chov, K.Leung, J.Salomone 1 Oneway Trapdoor Permutations Recall that a
More informationNumber theory (Chapter 4)
EECS 203 Spring 2016 Lecture 12 Page 1 of 8 Number theory (Chapter 4) Review Compute 6 11 mod 13 in an efficient way What is the prime factorization of 100? 138? What is gcd(100, 138)? What is lcm(100,138)?
More informationAspect of Prime Numbers in Public Key Cryptosystem
Aspect of Prime Numbers in Public Key Cryptosystem Md.Mehedi Masud, Huma Galzie, Kazi Arif Hossain and Md.Minhaj Ul Islam Computer Science and Engineering Discipline Khulna University, Khulna-9208, Bangladesh
More informationENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange
ENEE 457: Computer Systems Security 10/3/16 Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland,
More informationLattices. A Lattice is a discrete subgroup of the additive group of n-dimensional space R n.
Lattices A Lattice is a discrete subgroup of the additive group of n-dimensional space R n. Lattices have many uses in cryptography. They may be used to define cryptosystems and to break other ciphers.
More informationNotes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I
Number Theory: Applications Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry Fall 2007 Computer Science & Engineering 235 Introduction to Discrete Mathematics Sections 3.4 3.7 of Rosen cse235@cse.unl.edu
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More informationGurgen Khachatrian Martun Karapetyan
34 International Journal Information Theories and Applications, Vol. 23, Number 1, (c) 2016 On a public key encryption algorithm based on Permutation Polynomials and performance analyses Gurgen Khachatrian
More informationMethods of Public-Key Cryptography. Émilie Wheeler
Methods of Public-Key Cryptography Émilie Wheeler December 10, 2012 Contents 1 Introduction 2 2 Cryptosystems based on Elementary Number Theory 3 2.1 Elementary Number Theory Background............ 3 2.1.1
More informationBlind Collective Signature Protocol
Computer Science Journal of Moldova, vol.19, no.1(55), 2011 Blind Collective Signature Protocol Nikolay A. Moldovyan Abstract Using the digital signature (DS) scheme specified by Belarusian DS standard
More informationduring transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL
THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit
More informationPublic Key Cryptography
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt
More informationAttacks on RSA & Using Asymmetric Crypto
Attacks on RSA & Using Asymmetric Crypto Luke Anderson luke@lukeanderson.com.au 7 th April 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Breaking RSA 2.1 Chinese Remainder Theorem 2.2 Common
More informationMy brief introduction to cryptography
My brief introduction to cryptography David Thomson dthomson@math.carleton.ca Carleton University September 7, 2013 introduction to cryptography September 7, 2013 1 / 28 Outline 1 The general framework
More informationNUMBER THEORY FOR CRYPTOGRAPHY
1 CHAPTER 4. NUMBER THEORY FOR CRYPTOGRAPHY 1 INSTITÚID TEICNEOLAÍOCHTA CHEATHARLACH INSTITUTE OF TECHNOLOGY CARLOW NUMBER THEORY FOR CRYPTOGRAPHY Contents 1 Number Theory for Cryptography 2 1.1 Linear
More informationMath.3336: Discrete Mathematics. Primes and Greatest Common Divisors
Math.3336: Discrete Mathematics Primes and Greatest Common Divisors Instructor: Dr. Blerina Xhabli Department of Mathematics, University of Houston https://www.math.uh.edu/ blerina Email: blerina@math.uh.edu
More information19. Coding for Secrecy
19. Coding for Secrecy 19.1 Introduction Protecting sensitive information from the prying eyes and ears of others is an important issue today as much as it has been for thousands of years. Government secrets,
More informationIntroduction to Cybersecurity Cryptography (Part 5)
Introduction to Cybersecurity Cryptography (Part 5) Prof. Dr. Michael Backes 13.01.2017 February 17 th Special Lecture! 45 Minutes Your Choice 1. Automotive Security 2. Smartphone Security 3. Side Channel
More information14 Diffie-Hellman Key Agreement
14 Diffie-Hellman Key Agreement 14.1 Cyclic Groups Definition 14.1 Example Let д Z n. Define д n = {д i % n i Z}, the set of all powers of д reduced mod n. Then д is called a generator of д n, and д n
More informationPseudo-random Number Generation. Qiuliang Tang
Pseudo-random Number Generation Qiuliang Tang Random Numbers in Cryptography The keystream in the one-time pad The secret key in the DES encryption The prime numbers p, q in the RSA encryption The private
More information