2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
- Britney Morris
- 6 years ago
Definition. Let $G$ be a cyclic group of order $n$ and let $\alpha$ be a generator of $G$. For each $A \in G$ there exists a unique $0 \le a \le n-1$ such that $A = \alpha^a$. The exponent $a$ is called the discrete logarithm of $A$ in base $\alpha$. It is denoted by $\log_\alpha A$.

The group $(\mathbb{Z}/13\mathbb{Z})^*$ is a cyclic group of order 12 with $[2]_{13}$ a generator.

| $A$ | $[1]_{13}$ | $[2]_{13}$ | $[3]_{13}$ | $[4]_{13}$ | $[5]_{13}$ | $[6]_{13}$ | $[7]_{13}$ | $[8]_{13}$ | $[9]_{13}$ | $[10]_{13}$ | $[11]_{13}$ | $[12]_{13}$ |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| $\log_{[2]_{13}} A$ | 0 | 1 | 4 | 2 | 9 | 5 | 11 | 3 | 8 | 10 | 7 | 6 |

The group $(\mathbb{Z}/n\mathbb{Z}, +, [0]_n)$ is a cyclic group of order $n$. $\alpha = [a]_n$ is a generator if and only if $\gcd(a, n) = 1$. Let $B = [b]_n \in G$ and $l = \log_\alpha B$. Then $B = \alpha^l$, so $b \equiv al \pmod{n}$. But $\alpha$ is invertible in $\mathbb{Z}/n\mathbb{Z}$, so $l \equiv ba^{-1} \pmod{n}$.

The difficulty of taking discrete logarithms depends on the group. For the groups $(\mathbb{Z}/p\mathbb{Z})^*$, $p$ a prime number, the problem is considered hard.

2.5.1 Diffie-Hellman

Alice and Bob want to communicate via an unsecured channel using a symmetric cryptosystem, for example AES. They need to communicate the key used to each other. The following protocol gives them a way of doing so. Its security is based on the difficulty of taking discrete logarithms in $(\mathbb{Z}/p\mathbb{Z})^*$, $p$ a prime number.

Diffie-Hellman Key Exchange

- Alice (on her own or together with Bob) chooses a prime number $p$ and a generator $[\alpha]_p$ of $(\mathbb{Z}/p\mathbb{Z})^*$.
- Alice chooses an $a \in \{0, 1, \dots, p-2\}$ and computes $A \equiv \alpha^a \pmod{p}$.
- Alice sends $A$ (with $\alpha$ and $p$) to Bob.
- Bob chooses a $b \in \{0, 1, \dots, p-2\}$ and computes $B \equiv \alpha^b \pmod{p}$.
- Bob sends $B$ to Alice.
- Alice computes $B^a \pmod{p}$ and Bob computes $A^b \pmod{p}$.

Since $B^a \equiv (\alpha^b)^a \equiv \alpha^{ab} \equiv (\alpha^a)^b \equiv A^b \pmod{p}$, Alice and Bob have computed the same number $K = \alpha^{ab} \pmod{p}$. This number $K$ can be used as the key for the symmetric cryptosystem they use (or the first 128 bits of $K$ written in base 2, or something similar).

Alice chooses $p = 17$ and $\alpha = 3$ as a generator of $(\mathbb{Z}/17\mathbb{Z})^*$. She chooses $a = 7$ and computes $3^7 \pmod{17} = 11$. She sends $p = 17$, $\alpha = 3$ and $A = 11$ to Bob. Bob chooses $b = 4$, computes $3^4 \pmod{17} = 13$ and sends $B = 13$ to Alice. Alice computes $B^a = 13^7 \pmod{17} = 4$ and Bob computes $A^b = 11^4 \pmod{17} = 4$. Their key is 4.

Remarks
1. The protocol also works in other groups. One needs to choose an $\alpha \in G$ of large order.
2. The security of the protocol is not based on the secrecy of the prime $p$.
3. Alice needs to find a generator of $(\mathbb{Z}/p\mathbb{Z})^*$, which is a group of order $p-1$. She can't always factorize $p-1$. Alice could take $p = 2q + 1$ with $q$ a (large) Sophie Germain prime. Now she has an efficient way of choosing a generator of $(\mathbb{Z}/p\mathbb{Z})^*$.

In the example, Eve and Oscar are in the possession of $p = 17$, $\alpha = 3$, $A = 11$ and $B = 13$. They want to calculate $K$. Since $A = 11 \equiv 3^a \pmod{17}$ and $B = 13 \equiv 3^b \pmod{17}$, we have $a = \log_3 11$ and $b = \log_3 13$. If they can compute one of these discrete logarithms then they can compute $K$, since $K \equiv B^a \equiv A^b \pmod{17}$. But there might be other ways of finding $K$. The problem Eve and Oscar need to solve is called the Diffie-Hellman problem.

Diffie-Hellman problem. Given a prime $p$, a generator $[\alpha]_p$ of $(\mathbb{Z}/p\mathbb{Z})^*$ and two numbers $A$ and $B$, determine $K$, where $A \equiv \alpha^a \pmod{p}$, $B \equiv \alpha^b \pmod{p}$ and $K \equiv \alpha^{ab} \pmod{p}$.

One can state this in terms of elements in a group: Given a group $G$, an element $\alpha \in G$ of large order and two elements $A, B \in \langle\alpha\rangle$, determine $K$, where $K = \alpha^{ab}$ and $A = \alpha^a$, $B = \alpha^b$.

The difficulty in solving the Diffie-Hellman problem depends on the group $G$. For $(\mathbb{Z}/p\mathbb{Z})^*$ it is considered a hard problem. As for now, taking discrete logarithms seems to be the only solution, but no efficient algorithm is known at this moment.

Man in the middle attack

Suppose Alice and Bob want to use the Diffie-Hellman key exchange to exchange a key, but the channel is controlled by Eve and Oscar. Alice chooses $p$, $\alpha$ and $a \in \{0, 1, \dots, p-2\}$, computes $A = \alpha^a \pmod{p}$ and sends $p$, $\alpha$ and $A$ to Bob. Eve and Oscar intercept the message, choose an $e \in \{0, 1, \dots, p-2\}$ and compute $E = \alpha^e \pmod{p}$. Oscar pretends to be Bob and sends $E$ to Alice. Alice computes $K_1 = E^a \pmod{p}$ and Oscar computes $K_1 = A^e \pmod{p}$. Eve pretends to be Alice and sends $p$, $\alpha$ and $E$ to Bob. Bob chooses a $b \in \{0, 1, \dots, p-2\}$, computes $B = \alpha^b \pmod{p}$ and sends $B$ back to the fake Alice. Bob computes $K_2 = E^b \pmod{p}$ and Eve computes $K_2 = B^e \pmod{p}$.

Alice <-- $K_1 = A^e = E^a$ --> Eve and Oscar <-- $K_2 = E^b = B^e$ --> Bob
$A = \alpha^a$, $E = \alpha^e$, $B = \alpha^b$

Alice thinks she is sharing the key $K_1$ with Bob. Bob thinks he is sharing the key $K_2$ with Alice. When Alice sends a message to Bob she uses the key $K_1$. Eve and Oscar use the key $K_1$ to read the message and then use the key $K_2$ to encrypt it and send it to Bob. The message received by Bob is encrypted with the key $K_2$, which is the key he thinks he shares with Alice. Bob has no reason to believe he is not talking to Alice. Nor does Alice when she receives messages from Bob. In this way Eve and Oscar can read all the correspondence between Alice and Bob without them suspecting anything. In order to protect themselves against the man in the middle attack, Alice and Bob first need to authenticate themselves before exchanging a key. The authentication can be done via a public key cryptosystem.

2.5.2 ElGamal public key cryptosystem

We describe the cryptosystem in a non-formal way. Alice chooses a prime $p$, a generator $[\alpha]_p \in (\mathbb{Z}/p\mathbb{Z})^*$ and an $a \in \{0, 1, \dots, p-2\}$. She computes $A = \alpha^a \pmod{p}$. Her public key is $(p, \alpha, A)$. Her secret key is $a$, so the private key space is $K_s = \{0, 1, \dots, p-2\}$. The plain text and cipher text spaces are $P = \mathbb{Z}/p\mathbb{Z}$ and $C = (\mathbb{Z}/p\mathbb{Z})^* \times \mathbb{Z}/p\mathbb{Z}$. The encryption is as follows:
Bob wants to send $m$ to Alice. He chooses a $b \in \{0, 1, \dots, p-2\}$, computes $B = \alpha^b \pmod{p}$ and then computes $c = A^b m \pmod{p}$. The cipher text is $(B, c)$.

The decryption is as follows: Alice computes $B^x c \pmod{p}$, where $x = p - 1 - a$. Since $B^x \equiv (\alpha^b)^{p-1-a} \equiv \alpha^{b(p-1)} \alpha^{-ab} \equiv (\alpha^{ab})^{-1} \pmod{p}$ and $c = A^b m \equiv \alpha^{ab} m \pmod{p}$, it follows that $B^x c \equiv m \pmod{p}$.

Remark. Alice and Bob are exchanging the Diffie-Hellman key $K = A^b = B^a \pmod{p}$. Alice made her part $A$ public. Bob provides Alice with his part $B$ of the key in the first part of the encrypted message. Bob multiplies in $\mathbb{Z}/p\mathbb{Z}$ the message $m$ with $A^b$. Thus he multiplies the message with the Diffie-Hellman key and sends that, with his part $B$ of the Diffie-Hellman key, to Alice. Alice computes $B^x \equiv K^{-1} \pmod{p}$, which is the inverse of the Diffie-Hellman key, and multiplies that with $c$ to obtain the original message.

Alice takes $p = 23$, $\alpha = 7$ and $a = 6$. Then $A = 7^6 \equiv 4 \pmod{23}$. The public key of Alice is $(p = 23, \alpha = 7, A = 4)$. Suppose Bob wants to send 2 to Alice. He takes the public key $(p = 23, \alpha = 7, A = 4)$ of Alice and chooses $b = 3$. He computes $B = 7^3 \equiv 21 \pmod{23}$ and $c = 4^3 \cdot 2 \equiv 13 \pmod{23}$. The cipher text is $(B = 21, c = 13)$, which he sends to Alice. Alice first calculates $K^{-1} = (B^a)^{-1} \equiv ((21)^6)^{-1} \equiv 9 \pmod{23}$ and then $K^{-1} c \equiv 9 \cdot 13 \equiv 2 \pmod{23}$.

Remarks

1. Using a plain text space of about the same size in RSA and ElGamal results, for ElGamal, in a cipher text space which is about double the size of the cipher text space of RSA.
2. Bob chooses $b$ arbitrarily. So for Eve and Oscar $c$ is arbitrary too.
3. Both $A$ and $B$ are powers of $\alpha$, so they are in the group generated by $\alpha$. The key $K$ is a power of $A$ and of $B$. Since $A$ and $B$ are public, their order should be large, for otherwise $K$ can be computed. Thus $\gcd(a, p-1)$ and $\gcd(b, p-1)$ should be small.
4. The set up can also be made using groups different from $(\mathbb{Z}/p\mathbb{Z})^*$, using an element of large order.

Lemma 2.5.1. The security of ElGamal is equivalent to the Diffie-Hellman problem.

Proof. Suppose Eve and Oscar have a way of solving the Diffie-Hellman problem. That is, they are in the possession of a black box that from given $p$, $\alpha$, $A$ and $B$ calculates $K$, where $K = \alpha^{ab}$ with $a = \log_\alpha A$ and $b = \log_\alpha B$. The correspondence between Alice and Bob contains the public key $p$, $\alpha$, $A$ and the cipher text $(B, c)$. Feeding $p$, $\alpha$, $A$ and $B$ to their black box they obtain $K$. They then can calculate $K^{-1}$ and $K^{-1} c = m$. Hence Eve and Oscar can read the message $m$.

Suppose Eve and Oscar have a way of reading ElGamal messages. That is, they are in the possession of a black box that from given $p$, $\alpha$, $A$ and $(B, c)$ calculates $m$, where $m = (\alpha^{ab})^{-1} c$ with $a = \log_\alpha A$ and $b = \log_\alpha B$. Eve and Oscar are in the possession of $p$, $\alpha$, $A$ and $B$. If they give $p$, $\alpha$, $A$ and $(B, 1)$ to the black box, it will calculate $(\alpha^{ab})^{-1}$. But this is $K^{-1}$ and so they can obtain $K$. Hence they can solve the Diffie-Hellman problem.

Lemma 2.5.2. Bob should vary his choice of $b$.
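Proof. Suppose that Bob, in his correspondence with Alice, sends two messages $m_1$ and $m_2$ having chosen the same number $b$. The cipher texts are $(B, c_1)$ and $(B, c_2)$, where $c_1 \equiv A^b m_1 \pmod{p}$ and $c_2 \equiv A^b m_2 \pmod{p}$. If $m_2$ is invertible then so is $c_2$, and since $c_1 c_2^{-1} \equiv (A^b m_1)(A^b m_2)^{-1} \equiv m_1 (m_2)^{-1} \pmod{p}$, it follows that if Eve and Oscar know the pair $(m_2, c_2)$ they can compute $c_1 c_2^{-1} m_2 \equiv m_1 \pmod{p}$.

2.5.3 Pohlig-Hellman algorithm

Let $p$ be a prime number and $\alpha$ a generator of $(\mathbb{Z}/p\mathbb{Z})^*$, so $o(\alpha) = p - 1$. Given $\beta \in (\mathbb{Z}/p\mathbb{Z})^*$, the algorithm calculates the discrete logarithm $\log_\alpha \beta$, that is, it finds $0 \le x \le p - 2$ with $\alpha^x = \beta$. In order to do this, it suffices to find $x \pmod{p-1}$. Let $p - 1 = q_1^{r_1} q_2^{r_2} \cdots q_n^{r_n}$ be the factorization in primes. Thus for $i, j \in \{1, \dots, n\}$ we have that $q_i$ is a prime with $q_i \ne q_j$ if $i \ne j$, and $r_i \ge 1$ with $q_i^{r_i} \mid p - 1$ but $q_i^{r_i + 1} \nmid p - 1$. Observe that if for each $i \in \{1, \dots, n\}$ the value $x \pmod{q_i^{r_i}}$ is known, then the Chinese Remainder Theorem allows us to determine $x \pmod{p-1}$ and so $x$.

Let $q$ be a prime and $r \ge 1$ with $q^r \mid p - 1$ and $q^{r+1} \nmid p - 1$. The following algorithm allows us to calculate $x \pmod{q^r}$. Let $x = x_0 + x_1 q + x_2 q^2 + \cdots + x_r q^r + \cdots$ with $0 \le x_i \le q - 1$ (so $x$ is written in base $q$). In order to calculate $x \pmod{q^r}$ it suffices to calculate $x_0, x_1, \dots, x_{r-1}$.

Since $p - 1$ is divisible by $q, q^2, q^3, \dots, q^r$, we have $\frac{p-1}{q}, \frac{p-1}{q^2}, \frac{p-1}{q^3}, \dots, \frac{p-1}{q^r} \in \mathbb{Z}$. The element $\alpha^{\frac{p-1}{q}}$ has order $q$. We list the elements of the group generated by it in a table of reference:

| $k$ | 0 | 1 | 2 | $\cdots$ | $q-1$ |
|---|---|---|---|---|---|
| $(\alpha^{\frac{p-1}{q}})^k$ | 1 | $\alpha^{\frac{p-1}{q}}$ | $(\alpha^{\frac{p-1}{q}})^2$ | $\cdots$ | $(\alpha^{\frac{p-1}{q}})^{q-1}$ |

Let $\beta_0 = \beta$, so $\beta_0 = \alpha^{x_0 + x_1 q + x_2 q^2 + \cdots}$. Since

$$\beta_0^{\frac{p-1}{q}} = \alpha^{\frac{p-1}{q}(x_0 + x_1 q + x_2 q^2 + \cdots)} = \alpha^{x_0 \frac{p-1}{q} + (p-1)(x_1 + x_2 q + \cdots)} = \alpha^{x_0 \frac{p-1}{q}} = (\alpha^{\frac{p-1}{q}})^{x_0},$$

$x_0$ can be determined with the reference table.

Let $\beta_1 = \beta_0 \alpha^{-x_0}$, so $\beta_1 = \alpha^{q(x_1 + x_2 q + \cdots)}$. Since

$$\beta_1^{\frac{p-1}{q^2}} = \alpha^{\frac{p-1}{q}(x_1 + x_2 q + x_3 q^2 + \cdots)} = \alpha^{x_1 \frac{p-1}{q} + (p-1)(x_2 + x_3 q + \cdots)} = \alpha^{x_1 \frac{p-1}{q}} = (\alpha^{\frac{p-1}{q}})^{x_1},$$

$x_1$ can be determined with the reference table.

Let $\beta_2 = \beta_1 \alpha^{-x_1 q}$, so $\beta_2 = \alpha^{q^2(x_2 + x_3 q + \cdots)}$. Since

$$\beta_2^{\frac{p-1}{q^3}} = \alpha^{\frac{p-1}{q}(x_2 + x_3 q + x_4 q^2 + \cdots)} = \alpha^{x_2 \frac{p-1}{q} + (p-1)(x_3 + x_4 q + \cdots)} = \alpha^{x_2 \frac{p-1}{q}} = (\alpha^{\frac{p-1}{q}})^{x_2},$$

$x_2$ can be determined with the reference table.

$\vdots$

Let $\beta_{r-1} = \beta_{r-2} \alpha^{-x_{r-2} q^{r-2}}$, so $\beta_{r-1} = \alpha^{q^{r-1}(x_{r-1} + x_r q + \cdots)}$. Since

$$\beta_{r-1}^{\frac{p-1}{q^r}} = \alpha^{\frac{p-1}{q}(x_{r-1} + x_r q + \cdots)} = \alpha^{x_{r-1} \frac{p-1}{q} + (p-1)(x_r + \cdots)} = \alpha^{x_{r-1} \frac{p-1}{q}} = (\alpha^{\frac{p-1}{q}})^{x_{r-1}},$$

$x_{r-1}$ can be determined with the reference table.

We have found $x_0, x_1, \dots, x_{r-1}$ and thus also $x \equiv x_0 + x_1 q + x_2 q^2 + \cdots + x_{r-1} q^{r-1} \pmod{q^r}$. Note that the algorithm finishes automatically, as at the next step $\frac{p-1}{q^{r+1}}$ is not an integer.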
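Let $p = 1373$. The group $(\mathbb{Z}/1373\mathbb{Z})^*$ is cyclic of order $1372 = 2^2 \cdot 7^3$. Let $\alpha = [2]_{1373}$. Since $2^{2 \cdot 7^3} \not\equiv 1 \pmod{1373}$ and $2^{2^2 \cdot 7^2} \not\equiv 1 \pmod{1373}$, $o([2]_{1373}) = 1372$ and so $\alpha$ is a generator. Let $\beta = [801]_{1373}$. We determine $\log_\alpha \beta$ using the Pohlig-Hellman algorithm. Thus we determine $0 \le x < 1372$ with $2^x \equiv 801 \pmod{1373}$.

Determination of $x \pmod{2^2}$

Write $x = x_0 + x_1 \cdot 2 + x_2 \cdot 2^2 + \cdots$. Since $\frac{1372}{2} = 686$, the reference table is

| $k$ | 0 | 1 |
|---|---|---|
| $([2^{686}]_{1373})^k$ | $[1]_{1373}$ | $[1372]_{1373}$ |

$\beta_0^{686} \equiv 1372 \pmod{1373}$. Hence $x_0 = 1$ and $\beta_1 = \beta_0 \alpha^{-1} \pmod{1373}$.
$\beta_1^{343} \equiv 1372 \pmod{1373}$. Hence $x_1 = 1$.
Hence $x \equiv 3 \pmod{2^2}$.

Determination of $x \pmod{7^3}$

Write $x = x_0 + x_1 \cdot 7 + x_2 \cdot 7^2 + x_3 \cdot 7^3 + \cdots$. Since $\frac{1372}{7} = 196$, the reference table is

| $k$ | 0 | 1 | 2 | 3 | 4 | 5 | 6 |
|---|---|---|---|---|---|---|---|
| $([2^{196}]_{1373})^k$ | $[1]_{1373}$ | $[333]_{1373}$ | $[1049]_{1373}$ | $[575]_{1373}$ | $[628]_{1373}$ | $[428]_{1373}$ | $[1105]_{1373}$ |

$\beta_0^{196} \equiv 1049 \pmod{1373}$. Hence $x_0 = 2$ and $\beta_1 = \beta_0 \alpha^{-2} \pmod{1373}$.
$\beta_1^{28} \equiv 575 \pmod{1373}$. Hence $x_1 = 3$ and $\beta_2 = \beta_1 \alpha^{-3 \cdot 7} \pmod{1373}$.
$\beta_2^{4} \equiv 333 \pmod{1373}$. Hence $x_2 = 1$.
Hence $x \equiv 72 \pmod{7^3}$.

We have found that

$$x \equiv 3 \pmod{4}, \qquad x \equiv 72 \pmod{343}.$$

Hence by the Chinese Remainder Theorem $x \equiv 415 \pmod{1372}$. So $x = 415$. We can check our answer: $2^{415} \equiv 801 \pmod{1373}$, which is correct.

Determine $0 \le x < 40$ with $7^x \equiv 12 \pmod{41}$. We have $p = 41$, $\alpha = [7]_{41}$ and $\beta = [12]_{41}$. Thus $p - 1 = 40 = 2^3 \cdot 5$.

Determination of $x \pmod{2^3}$

Write $x = x_0 + x_1 \cdot 2 + x_2 \cdot 2^2 + x_3 \cdot 2^3 + \cdots$. Since $\frac{40}{2} = 20$, the reference table is

| $k$ | 0 | 1 |
|---|---|---|
| $([7^{20}]_{41})^k$ | $[1]_{41}$ | $[40]_{41}$ |

$\beta_0^{20} \equiv 40 \pmod{41}$. Hence $x_0 = 1$ and $\beta_1 = \beta_0 \alpha^{-1} \pmod{41}$.
$\beta_1^{10} \equiv 1 \pmod{41}$. Hence $x_1 = 0$ and $\beta_2 = \beta_1 \alpha^{0} \pmod{41}$.
$\beta_2^{5} \equiv 40 \pmod{41}$. Hence $x_2 = 1$.
Hence $x \equiv 5 \pmod{2^3}$.

Determination of $x \pmod{5}$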
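Write $x = x_0 + x_1 \cdot 5 + \cdots$. Since $\frac{40}{5} = 8$, the reference table is

| $k$ | 0 | 1 | 2 | 3 | 4 |
|---|---|---|---|---|---|
| $([7^{8}]_{41})^k$ | $[1]_{41}$ | $[37]_{41}$ | $[16]_{41}$ | $[18]_{41}$ | $[10]_{41}$ |

$\beta_0^{8} \equiv 18 \pmod{41}$. Hence $x_0 = 3$.
Hence $x \equiv 3 \pmod{5}$.

We have found that

$$x \equiv 5 \pmod{8}, \qquad x \equiv 3 \pmod{5}.$$

Hence by the Chinese Remainder Theorem $x \equiv 13 \pmod{40}$. So $x = 13$. We can check our answer: $7^{13} \equiv 12 \pmod{41}$, which is correct.

Remark. The Pohlig-Hellman algorithm is efficient if the factorization of $p - 1$ into primes does not involve large primes.

2.5.4 Index Calculus

Let $p$ be a prime number and $\alpha$ a generator of $(\mathbb{Z}/p\mathbb{Z})^*$, so $o(\alpha) = p - 1$. Given $\beta \in (\mathbb{Z}/p\mathbb{Z})^*$, the method calculates, if you are lucky, the discrete logarithm $\log_\alpha \beta$, that is, it finds $0 \le x \le p - 2$ with $\alpha^x = \beta$. In order to do this, it suffices to find $x \pmod{p-1}$.

Let $B = \{p_1, p_2, \dots, p_r\}$ be a set of primes different from $p$ and let $a, b \in \mathbb{Z}$ be such that $\alpha = [a]_p$ and $\beta = [b]_p$. For $i \in \{1, \dots, r\}$ we have $[p_i]_p \in (\mathbb{Z}/p\mathbb{Z})^*$. Since $[p_i]_p = \alpha^{\log_\alpha [p_i]_p}$, we have $p_i \equiv a^{\log_\alpha [p_i]_p} \pmod{p}$.

First we attempt to calculate $\log_\alpha [p_i]_p$ for $i \in \{1, \dots, r\}$. This can be done as follows: Find $x_j \in \mathbb{Z}$ such that $\alpha^{x_j} \in \langle [p_i]_p \mid 1 \le i \le r \rangle$. That is, the number $a^{x_j} \pmod{p}$ factorizes in primes contained in $B$. Say

$$a^{x_j} \equiv p_1^{a_{1j}} p_2^{a_{2j}} \cdots p_r^{a_{rj}} \pmod{p}.$$

Thus

$$x_j \equiv a_{1j} \log_\alpha [p_1]_p + a_{2j} \log_\alpha [p_2]_p + \cdots + a_{rj} \log_\alpha [p_r]_p \pmod{p-1},$$

where the values of $a_{ij}$ are determined from the factorization in primes of $a^{x_j} \pmod{p}$. If one can find enough of these numbers $x_j$ such that the equations are linearly independent, then one can solve the system of linear equations and find $\log_\alpha [p_i]_p$ for $i \in \{1, \dots, r\}$.

Next find an $s \in \mathbb{Z}$ such that $\beta\alpha^{s} \in \langle [p_i]_p \mid 1 \le i \le r \rangle$. That is, the number $b a^s \pmod{p}$ factorizes in primes contained in $B$. Say

$$b a^s \equiv p_1^{b_1} p_2^{b_2} \cdots p_r^{b_r} \pmod{p}.$$

Thus

$$x + s \equiv b_1 \log_\alpha [p_1]_p + b_2 \log_\alpha [p_2]_p + \cdots + b_r \log_\alpha [p_r]_p \pmod{p-1},$$

where $b_1, b_2, \dots, b_r \in \mathbb{Z}$ are determined from the factorization in primes of $b a^s \pmod{p}$. Hence $x$ can be determined.

Let $p = 10007$, $\alpha = [5]_{10007}$ and $\beta = [9451]_{10007}$. Let $B = \{2, 3, 5, 7\}$. We have:

- Let $x_1 = 4063$, then $5^{4063} \equiv 42 \pmod{10007}$ and $42 = 2 \cdot 3 \cdot 7$.
- Let $x_2 = 5136$, then $5^{5136} \equiv 54 \pmod{10007}$ and $54 = 2 \cdot 3^3$.
- Let $x_3 = 9865$, then $5^{9865} \equiv 189 \pmod{10007}$ and $189 = 3^3 \cdot 7$.
- Let $x_4 = 1$, then $5^{1} \equiv 5 \pmod{10007}$ and $5 = 5^1$.

To simplify notation let $\log_5 s = \log_{[5]_{10007}} [s]_{10007}$ for $s \in \mathbb{Z}$ with $\gcd(10007, s) = 1$. Hence

$$4063 \equiv \log_5 2 + \log_5 3 + \log_5 7 \pmod{10006}$$
$$5136 \equiv \log_5 2 + 3\log_5 3 \pmod{10006}$$
$$9865 \equiv 3\log_5 3 + \log_5 7 \pmod{10006}$$
$$1 \equiv \log_5 5 \pmod{10006}$$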
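Solving the linear system gives $\log_5 2 = 6578$, $\log_5 3 = 6190$, $\log_5 5 = 1$ and $\log_5 7 = 1301$. Take $s = 7736$, then $9451 \cdot 5^{7736} \equiv 8400 \pmod{10007}$ and $8400 = 2^4 \cdot 3 \cdot 5^2 \cdot 7$. Hence

$$x + 7736 \equiv 4\log_5 2 + \log_5 3 + 2\log_5 5 + \log_5 7 \pmod{10006}.$$

It follows that $x = 6057$.

Shanks' Algorithm

Let $p$ be a prime number and $\alpha$ a generator of $(\mathbb{Z}/p\mathbb{Z})^*$, so $o(\alpha) = p - 1$. Given $\beta \in (\mathbb{Z}/p\mathbb{Z})^*$, the method calculates the discrete logarithm $\log_\alpha \beta$. Recall that it suffices to find the number modulo $p - 1$. The algorithm is based on the following observation:

Lemma 2.5.3. Let $p$ be a prime number, $m = \lceil \sqrt{p} \rceil$, $\alpha$ a generator of $(\mathbb{Z}/p\mathbb{Z})^*$ and $\beta \in (\mathbb{Z}/p\mathbb{Z})^*$. Then there exist $k, r \in \mathbb{Z}$ with $0 \le k, r \le m - 1$ such that $\alpha^{mk} = \beta\alpha^{-r}$.

Proof. Suppose $\beta = \alpha^x$ with $0 \le x \le p - 1$. Let $m = \lceil \sqrt{p} \rceil$. Then $x = mk + r$ for some $k, r \in \mathbb{Z}$ with $0 \le r \le m - 1$. If $k \ge m$ then $x = mk + r \ge m^2 + r \ge m^2 \ge p > p - 1$, a contradiction. So $0 \le k, r \le m - 1$. Now $\beta = \alpha^x = \alpha^{mk + r} = \alpha^{mk}\alpha^{r}$, so $\alpha^{mk} = \beta\alpha^{-r}$.

Shanks' Algorithm: Let $L_1 = \{(j, \alpha^{jm}) \mid 0 \le j \le m - 1\}$ and $L_2 = \{(i, \beta\alpha^{-i}) \mid 0 \le i \le m - 1\}$. Sort the lists according to the second coordinate. Find $(j_0, y) \in L_1$ and $(i_0, y) \in L_2$ (that is, find a pair in $L_1$ and one in $L_2$ that have the same second coordinate). Then $\log_\alpha \beta \equiv m j_0 + i_0 \pmod{p-1}$.

The lemma shows that at least one such pair $(j_0, y) \in L_1$ and $(i_0, y) \in L_2$ exists. Moreover, for such a pair we have $y = \alpha^{j_0 m} = \beta\alpha^{-i_0}$. That is, $\alpha^{j_0 m}\alpha^{i_0} = \beta$, hence $\alpha^{m j_0 + i_0} = \beta = \alpha^x$. Thus we have $x \equiv m j_0 + i_0 \pmod{p-1}$.

Let $p = 97$ and $\alpha = [5]_{97}$, hence $m = 10$. We compute the discrete logarithm of $\beta = [34]_{97}$.

| $j$ | $([5]_{97})^{10j}$ | $i$ | $[34]_{97}([5]_{97})^{-i}$ |
|---|---|---|---|
| 0 | $[1]_{97}$ | 0 | $[34]_{97}$ |
| 1 | $[53]_{97}$ | 1 | $[65]_{97}$ |
| 2 | $[93]_{97}$ | 2 | $[13]_{97}$ |
| 3 | $[79]_{97}$ | 3 | $[22]_{97}$ |
| 4 | $[16]_{97}$ | 4 | $[82]_{97}$ |
| 5 | $[72]_{97}$ | 5 | $[94]_{97}$ |
| 6 | $[33]_{97}$ | 6 | $[77]_{97}$ |
| 7 | $[3]_{97}$ | 7 | $[93]_{97}$ |
| 8 | $[62]_{97}$ | 8 | $[38]_{97}$ |
| 9 | $[85]_{97}$ | 9 | $[27]_{97}$ |

We see that the second entries of the two lists coincide for $j = 2$ and $i = 7$, so $\log_\alpha \beta = 27$.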
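The ElGamal cryptosystem described earlier, together with the two lemmas on its security (equivalence with the Diffie-Hellman problem, and the need for Bob to vary b), as an added Python example that is not part of the original notes. The function names are assumptions made for illustration; the parameters are the toy example from the text, and the second message (10) is constructed.

```python
"""Textbook ElGamal over (Z/pZ)* with the toy parameters from the notes (added example)."""
import secrets


def keygen(p, alpha, a=None):
    """Return ((p, alpha, A), a) with A = alpha^a mod p and a in {0, ..., p-2}."""
    if a is None:
        a = secrets.randbelow(p - 1)
    return (p, alpha, pow(alpha, a, p)), a


def encrypt(public, m, b=None):
    """Return the cipher text (B, c) = (alpha^b, A^b * m) mod p."""
    p, alpha, A = public
    if not 0 <= m < p:
        raise ValueError("plain text must lie in Z/pZ")
    if b is None:
        b = secrets.randbelow(p - 1)   # a fresh b for every message
    return pow(alpha, b, p), pow(A, b, p) * m % p


def decrypt(public, a, ciphertext):
    """Alice's decryption: B^x * c mod p with x = p - 1 - a."""
    p = public[0]
    B, c = ciphertext
    return pow(B, p - 1 - a, p) * c % p


def recover_with_reused_b(p, c1, m2, c2):
    """Lemma on reusing b: m1 = c1 * c2^(-1) * m2 mod p when both texts share B."""
    if c2 % p == 0:
        raise ValueError("m2 (and hence c2) must be invertible mod p")
    return c1 * pow(c2, -1, p) * m2 % p


def dh_key_from_decryption_oracle(oracle, p, B):
    """Equivalence lemma: decrypting (B, 1) returns K^(-1), so K follows."""
    return pow(oracle((B, 1)), -1, p)


def reused_b(ciphertexts):
    """Defender's check: a repeated first component B means b was reused."""
    firsts = [B for B, _ in ciphertexts]
    return len(firsts) != len(set(firsts))


if __name__ == "__main__":
    public, a = keygen(23, 7, a=6)
    first = encrypt(public, 2, b=3)
    second = encrypt(public, 10, b=3)      # constructed second message, same b
    print(public, first, decrypt(public, a, first))
    print(recover_with_reused_b(23, second[1], 2, first[1]), reused_b([first, second]))
```

Leaving `b=None` draws a fresh exponent per message, which is the behaviour the lemma asks for; passing `b` explicitly is only there to reproduce the numbers in the text.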
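Shanks' algorithm and the Pohlig-Hellman algorithm from the sections above, as an added Python example (not code from the original notes). All function names are assumptions made for illustration, and the trial-division factorization only suits toy moduli like the ones in the text. `largest_prime_factor` shows the remark from the defender's side: the prime 1373 has a smooth p - 1, while 10007 = 2 * 5003 + 1 has the form p = 2q + 1 recommended earlier.

```python
"""Discrete logarithms in (Z/pZ)*: Shanks and Pohlig-Hellman (added example)."""
from math import isqrt


def factorize(n):
    """Trial division, returns {prime: exponent}. Only suitable for toy sizes."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def shanks(alpha, beta, p):
    """Find x with alpha^x = beta (mod p), alpha a generator, via the lists L1 and L2."""
    m = isqrt(p) + 1                       # ceil(sqrt(p)); a prime is never a square
    step, y, l1 = pow(alpha, m, p), 1, {}
    for j in range(m):                     # L1 = {(j, alpha^(jm))}, keyed by value
        l1.setdefault(y, j)
        y = y * step % p
    inv, y = pow(alpha, -1, p), beta % p
    for i in range(m):                     # L2 = {(i, beta * alpha^(-i))}
        if y in l1:
            return (m * l1[y] + i) % (p - 1)
        y = y * inv % p
    raise ValueError("no match: alpha is not a generator of (Z/pZ)*")


def dlog_prime_power(alpha, beta, p, q, r):
    """Return x mod q^r, one base-q digit at a time, using the reference table."""
    n = p - 1
    gamma = pow(alpha, n // q, p)          # element of order q
    table = {pow(gamma, k, p): k for k in range(q)}
    x, beta_i = 0, beta % p
    for i in range(r):
        digit = table[pow(beta_i, n // q ** (i + 1), p)]
        x += digit * q ** i
        # beta_{i+1} = beta_i * alpha^(-x_i q^i); exponent reduced mod p - 1
        beta_i = beta_i * pow(alpha, (n - digit * q ** i) % n, p) % p
    return x


def crt(residues):
    """Combine x = r_i (mod m_i) for pairwise coprime moduli m_i."""
    x, modulus = 0, 1
    for r, m in residues:
        t = (r - x) * pow(modulus, -1, m) % m
        x += modulus * t
        modulus *= m
    return x % modulus


def pohlig_hellman(alpha, beta, p):
    """Discrete logarithm of beta in base alpha (a generator) modulo the prime p."""
    parts = [(dlog_prime_power(alpha, beta, p, q, r), q ** r)
             for q, r in factorize(p - 1).items()]
    return crt(parts)


def largest_prime_factor(n):
    """Size of the largest reference table Pohlig-Hellman needs for order n."""
    return max(factorize(n))


if __name__ == "__main__":
    print(shanks(5, 34, 97))               # example from the Shanks section
    print(pohlig_hellman(2, 801, 1373))    # first Pohlig-Hellman example
    print(pohlig_hellman(7, 12, 41))       # second Pohlig-Hellman example
    for prime in (1373, 10007):
        print(prime, factorize(prime - 1), largest_prime_factor(prime - 1))
```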
CSC 580 Cryptography and Computer Security Math for Public Key Crypto, RSA, and Diffie-Hellman (Sections 2.4-2.6, 2.8, 9.2, 10.1-10.2) March 21, 2017 Overview Today: Math needed for basic public-key crypto
More informationReview. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm
Review CS311H: Discrete Mathematics Number Theory Instructor: Işıl Dillig What does it mean for two ints a, b to be congruent mod m? What is the Division theorem? If a b and a c, does it mean b c? What
More informationMa/CS 6a Class 1. Course Details
Ma/CS 6a Class 1 By Adam Sheffer Course Details Adam Sheffer. adamsh@caltech.edu 1:00 Monday, Wednesday, and Friday. http://www.math.caltech.edu/~2014-15/1term/ma006a/ 1 Course Structure No exam! Grade
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Fun with Public-Key Tonight we ll Introduce some basic tools of public-key crypto Combine the tools to create more powerful tools Lay the ground work for substantial
More informationCHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 11 April 2017, 8:30-12:30
CHALMERS GÖTEBORGS UNIVERSITET CRYPTOGRAPHY TDA35 (Chalmers) - DIT50 (GU) 11 April 017, 8:30-1:30 No extra material is allowed during the exam except for pens and a simple calculator (not smartphones).
More informationSolution to Midterm Examination
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Handout #13 Xueyuan Su November 4, 2008 Instructions: Solution to Midterm Examination This is a closed book
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols nichols@math.umass.edu University of Massachusetts Oct. 14, 2015 Cryptography basics Cryptography is the study of secure communications. Here are
More information1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2
Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number
More informationElliptic Curve Cryptography with Derive
Elliptic Curve Cryptography with Derive Johann Wiesenbauer Vienna University of Technology DES-TIME-2006, Dresden General remarks on Elliptic curves Elliptic curces can be described as nonsingular algebraic
More informationCryptography. P. Danziger. Transmit...Bob...
10.4 Cryptography P. Danziger 1 Cipher Schemes A cryptographic scheme is an example of a code. The special requirement is that the encoded message be difficult to retrieve without some special piece of
More informationNumber Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers
Number Theory: Applications Number Theory Applications Computer Science & Engineering 235: Discrete Mathematics Christopher M. Bourke cbourke@cse.unl.edu Results from Number Theory have many applications
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 14 October 23, 2017 CPSC 467, Lecture 14 1/42 Computing in Z n Modular multiplication Modular inverses Extended Euclidean algorithm
More informationINTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.
INTEGERS PETER MAYR (MATH 2001, CU BOULDER) In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes. 1. Divisibility Definition. Let a, b
More informationLECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS
LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS Modular arithmetics that we have discussed in the previous lectures is very useful in Cryptography and Computer Science. Here we discuss several
More informationTheme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS
1 C Theme : Cryptography Instructor : Prof. C Pandu Rangan Speaker : Arun Moorthy 93115 CS 2 RSA Cryptosystem Outline of the Talk! Introduction to RSA! Working of the RSA system and associated terminology!
More informationRSA RSA public key cryptosystem
RSA 1 RSA As we have seen, the security of most cipher systems rests on the users keeping secret a special key, for anyone possessing the key can encrypt and/or decrypt the messages sent between them.
More informationECS 189A Final Cryptography Spring 2011
ECS 127: Cryptography Handout F UC Davis Phillip Rogaway June 9, 2011 ECS 189A Final Cryptography Spring 2011 Hints for success: Good luck on the exam. I don t think it s all that hard (I do believe I
More informationTutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction
Tutorial on Quantum Computing Vwani P. Roychowdhury Lecture 1: Introduction 1 & ) &! # Fundamentals Qubits A single qubit is a two state system, such as a two level atom we denote two orthogonal states
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationarxiv: v3 [cs.cr] 15 Jun 2017
Use of Signed Permutations in Cryptography arxiv:1612.05605v3 [cs.cr] 15 Jun 2017 Iharantsoa Vero RAHARINIRINA ihvero@yahoo.fr Department of Mathematics and computer science, Faculty of Sciences, BP 906
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols University of Massachusetts Amherst nichols@math.umass.edu WINRS Research Symposium Brown University March 4, 2017 Cryptography basics Cryptography
More informationNotes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I
Number Theory: Applications Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry Fall 2007 Computer Science & Engineering 235 Introduction to Discrete Mathematics Sections 3.4 3.7 of Rosen cse235@cse.unl.edu
More informationLecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya
BBM 205 Discrete Mathematics Hacettepe University http://web.cs.hacettepe.edu.tr/ bbm205 Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya Resources: Kenneth Rosen,
More informationCrypto math II. Alin Tomescu May 27, Abstract A quick overview on group theory from Ron Rivest s course in Spring 2015.
Crypto math II Alin Tomescu alinush@mit.edu May 7, 015 Abstract A quick overview on group theory from Ron Rivest s 6.857 course in Spring 015. 1 Overview Group theory review Diffie-Hellman (DH) key exchange
More informationLecture 17: Constructions of Public-Key Encryption
COM S 687 Introduction to Cryptography October 24, 2006 Lecture 17: Constructions of Public-Key Encryption Instructor: Rafael Pass Scribe: Muthu 1 Secure Public-Key Encryption In the previous lecture,
More informationCryptography. pieces from work by Gordon Royle
Cryptography pieces from work by Gordon Royle The set-up Cryptography is the mathematics of devising secure communication systems, whereas cryptanalysis is the mathematics of breaking such systems. We
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationPublic-Key Encryption: ElGamal, RSA, Rabin
Public-Key Encryption: ElGamal, RSA, Rabin Introduction to Modern Cryptography Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 Public-Key Encryption Syntax Encryption algorithm: E. Decryption
More informationUniv.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.
Cryptography Univ.-Prof. Dr. rer. nat. Rudolf Mathar 1 2 3 4 15 15 15 15 60 Written Examination Cryptography Tuesday, August 29, 2017, 01:30 p.m. Name: Matr.-No.: Field of study: Please pay attention to
More informationArithmétique et Cryptographie Asymétrique
Arithmétique et Cryptographie Asymétrique Laurent Imbert CNRS, LIRMM, Université Montpellier 2 Journée d inauguration groupe Sécurité 23 mars 2010 This talk is about public-key cryptography Why did mathematicians
More informationECE596C: Handout #11
ECE596C: Handout #11 Public Key Cryptosystems Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract In this lecture we introduce necessary mathematical background for studying
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 14, 2013 CPSC 467b, Lecture 9 1/42 Integer Division (cont.) Relatively prime numbers, Z n, and φ(n) Computing in Z n
More informationUsing semidirect product of (semi)groups in public key cryptography
Using semidirect product of (semi)groups in public key cryptography Delaram Kahrobaei City University of New York Graduate Center: PhD Program in Computer Science NYCCT: Mathematics Department University
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 6, 2012 CPSC 467b, Lecture 9 1/53 Euler s Theorem Generating RSA Modulus Finding primes by guess and check Density of
More information