2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms

Size: px
Start display at page:

Download "2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms"

Transcription

1 CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such that A = α a The exponent a is called the discrete logarithm of A in base α It is denoted by log α A The group ( Z /13 Z ) is a cyclic group of order 1 with [] 13 a generator A [1] 13 [] 13 [3] 13 [4] 13 [5] 13 [6] 13 [7] 13 [8] 13 [9] 13 [10] 13 [11] 13 [1] 13 log []13 A The group ( Z /n Z + [0] n ) is a cyclic group of order n α = [a] n is a generator if and only if gcd(a n) = 1 Let B = [b] n G and l = log α B Then B = α l so b al (mod n) But α is invertible in Z /n Z so l ba 1 (mod n) The difficulty of taking discrete logarithms depends on the group For the groups ( Z /p Z ) p a prime number the problem is considered hard 51 Diffie-Hellman Alice and Bob want to communicate via an unsecured channel using a symmetric cryptosystem for example AES They need to communicate the key used to each other The following protocol gives them a way of doing so It its security is based on the difficulty of taking discrete logarithms in ( Z /p Z ) p a prime number Diffie-Hellman Key Exchange Alice (on her own or together wit Bob) chooses a prime number p and a generator [α] n of ( Z /p Z ) Alice chooses an a {0 1 p } and computes A α a (mod p) Alice sends A (with α and p) to Bob Bob chooses a b {0 1 p } and computes B α b (mod p) Bob sends B to Alice Alice computes B a (mod p) and Bob computes A b (mod p) Since B a (α b ) a α ab (α a ) b A b (mod p) Alice and Bob have computed the same number K = α ab (mod p) This number K can be used as they key for the symmetric cryptosystem they use (or the first 18 bits of K written in base or something similar) Alice chooses p = 17 and α = 3 as a generator of ( Z /17 Z ) She chooses a = 7 and computes 3 7 (mod 17) = 11 She sends p = 17 α = 3 and A = 11 to Bob Bob chooses b = 4 and computes 3 4 (mod 17) = 13 and sends B = 13 to Alice Alice computes B a = 13 7 (mod 17) = 4 and Bob computes A b = 11 4 (mod 17) = 4 Their key is 4 Remarks

2 CRYPTOGRAPHY 0 1 The protocol also works in other groups One needs to choose an α G of large order The security of the protocol is not based on the secrecy of the prime p 3 Alice needs to find a generator of ( Z /p Z ) which is a group of order p 1 She can t always factorize p 1 Alice could take p = + 1 with a (large) Sophie Germain prime Now she has an efficient way of choosing a generator ( Z /p Z ) In the example Eve and Oscar are in the possession of p = 17 α = 3 A = 11 and B = 13 They want to calculate K Since A = 11 3 a (mod 17) and B = 13 3 b (mod 17) we have a = log 3 11 and b = log 3 13 If they can compute one of these discrete logarithms then they can compute K since K B a A b (mod 17) But there might be other ways of finding K The problem Eve and Oscar need solve is called the Diffie-Hellman problem Diffie-Hellman problem Given a prime p a generator [α] p of ( Z /p Z ) and two numbers A and B determine K where A α a (mod p) B α b (mod p) and K α ab (mod p) One can state this in terms of elements in a group: Given a group G an element α G of large order and two elements A B α determine K where K = α ab and A = α a B = α b The difficulty in solving the Diffie-Hellman problem depends on the group G For ( Z /p Z ) it is considered a hard problem As for now taking discrete logarithms seems to be the only solution but no efficient algorithm is known at this moment Man in the middle attack Suppose Alice and Bob want to use the Diffie-Hellman Key exchange to exchange a key but the channel is controlled by Eve and Oscar Alice chooses p α and a {0 1 p } computes A = α a (mod p) and sends p α and A to Bob Eve and Oscar intercept the message and they choose an e {0 1 p } and compute E = α e (mod p) Oscar fakes to be Bob and sends E to Alice Alice computes K 1 = E a (mod p) and Oscar computes K 1 = A e (mod p) Eve fakes to be Alice and sends p α and E to Bob Bob chooses a b {0 1 p } computes B = α b (mod p) and sends B back to the fake Alice Bob computes K = E b (mod p) and Eve computes K = B e (mod p) Alice K 1 = A e = E a Eve and Oscar K = E b = B e Bob A = α a E = α e B = α b Alice thinks she is sharing the key K 1 with Bob Bob thinks he is sharing the key K with Alice When Alice sends a message to Bob she uses the key K 1 Eve and Oscar use the key K 1 to read the message and then use the key K to encrypt it and send it to Bob The message received by Bob is encrypted with the key K which is the key he thinks he shares with Alice Bob has no reason to believe he is not talking to Alice Nor does Alice when she receives messages from Bob In this way Eve and Oscar can read all the correspondence between Alice and Bob without them suspecting anything In order to protect them self of the man in the middle attack Alice and Bob need first to authenticate them self before exchanging a key The authentication can be done via a public key cryptosystem 5 ElGamal public key cryptosystem We describe the cryptosystem in a non formal way Alice chooses a prime p a generator [α] p ( Z /p Z ) and an a {0 1 p } She computes A = α a (mod p) Her public key is (p α A) Her secret key is a so the private key space is K s = {0 1 p } The plain text and cipher text spaces are P = Z /p Z and C = ( Z /p Z ) Z /p Z The encryption is as follows:

3 CRYPTOGRAPHY 1 Bob wants to send m to Alice He chooses a b {0 1 p } computes B = α b (mod p) and then computes c = A b m (mod p) The cipher text is (B c) The decryption is as follows: Alice computes B x c (mod p) where x = p 1 a Since B x (α b ) a α b() α ab (α ab ) 1 (mod p) and c = A b m α ab m (mod p) it follows that B x c m (mod p) Remark Alice and Bob are interchanging the Diffie-Hellman key K = A b = B a (mod p) Alice made her part A public Bob provides Alice with his part B of the key in the first part of the encrypted message Bob multiplies in Z /p Z the message m with A b Thus he multiplied the message with the Diffie-Hellman key and sends that with his part B of the Diffie-Hellman key to Alice Alice computes B x K 1 (mod p) which is the inverse of the Diffie-Hellman key and multiplies that with c to obtain the original message Alice takes p = 3 α = 7 and a = 6 Then A = (mod 3) The public key of Alice is (p = 3 α = 7 A = 4) Suppose Bob wants to send to Alice He takes the public key (p = 3 α = 7 A = 4) of Alice and chooses b = 3 He computes B = (mod 3) and c = (mod 3) The cipher text is (B = 1 c = 13) which he sends to Alice Alice first calculates K 1 = (B a ) 1 ((1) 6 ) (mod 3) and then K 1 c 9 13 (mod 3) Remarks 1 Using a plain text space of the about the same size in RSA and ElGamal results in ElGamal in a cipher text space which about double the size as the cipher text space of RSA Bob chooses b arbitrary So for Eve and Oscar c is arbitrary too 3 Both A and B are powers of α so are in the group generated by α The key K is a power of A and B Since A and B are public their order should be large for otherwise K can be computed Thus gcd(a p 1) and gcd(b p 1) should be small 4 The set up can also be made using groups different from ( Z /p Z ) using an element of large order Lemma 51 The security of ElGamal is euivalent to the Diffie-Hellman problem Proof Suppose Eve and Oscar have a way of solving the Diffie-Hellman problem That is they are in the possession of a black box that from given p α A and B calculates K where K = α ab with a = log α A and b = log α B The correspondence between Alice and Bob contains the public key p α A and the cipher text (B c) Feeding p α A and B to their black box they obtain K They then can calculate K 1 and K 1 c = m Hence Eve and Oscar can read the message m Suppose Eve and Oscar have a way of reading ElGamal messages That is they are in the possession of a black box that from given p α A and (B c) calculates m where m = (α ab ) 1 c with a = log α A and b = log α B Eve and Oscar are in the possession of p α A and B If they give p α A and (B 1) to the black box it will calculate (α ab ) 1 But this is K 1 and so they can obtain K Hence they can solve the Diffie-Hellman problem Lemma 5 Bob should vary his choice of b

4 CRYPTOGRAPHY Proof Suppose that Bob in his correspondence with Alice sends two messages m 1 and m having chosen the same number b The cipher texts are (B c 1 ) and (B c 1 ) where c 1 A b m 1 (mod p) and c A b m (mod p) If m is invertible then so is c and since c 1 c 1 (A b m 1 )(A b m ) 1 m 1 (m ) 1 (mod p) it follows that if Eve and Oscar know the pair (m c ) they can compute c 1 c 1 m m 1 (mod p) 53 Pohlig-Hellman algorithm Let p be a prime number and α a generator of ( Z /p Z ) so o(α) = p 1 Given ( Z /p Z ) the algorithm calculates the discrete logarithm log α that is it finds 0 x p with α x = In order to do this it suffices to find x (mod p 1) Let p 1 = r1 1 r rn n be the factorization in primes Thus for i j {1 n} we have that i is a prime with i j if i j and r i 1 with ri i p 1 but ri+1 i p 1 Observe that if for each i {1 n} x (mod ri i ) is known then the Chinese Remainder Theorem will allows us to determine x (mod p 1) and so x Let be a prime and r 1 with r p 1 and r+1 p 1 The following algorithm allows us to calculate x (mod r ) Let x = x 0 + x 1 + x + x x r r + with 0 x i 1 (so x is written in base ) In oder to calculate x (mod r ) it suffices to calculate x 0 x 1 x r 1 Since p 1 is divisible by 3 r we have 3 Z r The element α has order We list the elements of the group generated by it in a table of reference: Let 0 = so 0 = α x0+x1+x + Since k (α ) k 1 α (α ) (α 0 = α (x0+x1+x) = α x0( x 0 can be determined with the reference table Let 1 = 0 α x0 so 1 = α (x1+x+) Since 1 = α (x1+x+x3) = α x1( x 1 can be determined with the reference table Let = 1 α x1 so = α (x +x 3+) Since 3 = α (x+x3+x4) = α x( x can be determined with the reference table )+()(x1+x+ ) = α )+()(x+x3+ ) = α )+()(x3+x4+ ) = α Let r 1 = r α xr r so r 1 = α r 1 (x r 1+x r+) Since r r 1 = α (xr 1+xr+) = α xr 1( x r 1 can be determined with the reference table )+()(xr+ ) = α ) 1 x0( x1( x( xr 1( ) = (α ) x 0 ) = (α ) x 1 ) = (α ) x ) = (α ) x r 1 We have found x 0 x 1 x r 1 and thus also x x 0 + x 1 + x + x x r 1 r 1 (mod r ) Note that the algorithm finishes automatically as at the next step is not an integer r+1

5 CRYPTOGRAPHY 3 Let p = 1373 The group ( Z /1373 Z ) is cyclic of order 137 = 7 3 Let α = [] 1373 Since 73 1 (mod 1373) and (mod 1373) o([] 1373 ) = 137 and so α is a generator Let = [801] 1373 We determine log α using the Pohlig-Hellman algorithm Thus we determine 0 x 137 with x 801 (mod 1373) Determination of x (mod ) Write x = x 0 + x 1 + x + Since 137 = 686 the reference table is k 0 1 ([ 686 ] 1373 ) k [1] 1373 [137] (mod 1373) Hence x 0 = 1 and 1 = 0 α (mod 1373) (mod 1373) Hence x 1 = 1 Hence x (mod ) Determination of x (mod 7 3 ) Write x = x 0 + x x 7 + x Since = 196 the reference table is k ([ 196 ] 1373 ) k [1] 1373 [333] 1373 [1049] 1373 [575] 1373 [68] 1373 [48] 1373 [1105] (mod 1373) Hence x 0 = and 1 = 0 α (mod 1373) (mod 1373) Hence x 1 = 3 and = 1 α (mod 1373) (mod 1373) Hence x = 1 Hence x (mod 7 3 ) We have found that { x 3 (mod 4) x 7 (mod 343) Hence by the Chinese Remainder Theorem x 415 (mod 137) So x = 415 We can check our answer: (mod 1373) which is correct Determine 0 x 40 with 7 x 1 (mod 41) We have p = 41 α = [7] 41 and = [1] 41 Thus p 1 = 40 = 3 5 Determination of x (mod 3 ) Write x = x 0 + x 1 + x + x 3 3 Since 40 k 0 1 ([7 0 ] 41 ) k [1] 41 [40] 41 = 0 the reference table is (mod 41) Hence x 0 = 1 and 1 = 0 α (mod 41) (mod 41) Hence x 1 = 0 and = 1 α (mod 41) (mod 41) Hence x = 1 Hence x (mod 3 ) Determination of x (mod 5)

6 CRYPTOGRAPHY 4 Write x = x 0 + x Since 40 5 = 8 the reference table is k ([7 8 ] 41 ) k [1] 41 [37] 41 [16] 41 [18] 41 [10] (mod 41) Hence x 0 = 3 Hence x 3 (mod 5) We have found that { x 5 (mod 8) x 3 (mod 5) Hence by the Chinese Remainder Theorem x 13 (mod 40) So x = 13 We can check our answer: (mod 41) which is correct Remark The Pohlig-Hellman algorithm is efficient if the factorization of p 1 in to primes does not involve large primes 54 Index Calculus Let p be a prime number and α a generator of ( Z /p Z ) so o(α) = p 1 Given ( Z /p Z ) the method calculates if you are lucky the discrete logarithm log α that is it finds 0 x p with α x = In order to do this it suffices to find x (mod p 1) Let B = {p 1 p p r } a set of primes different from p and let a b Z such that α = [a] p and = [b] p For i {1 r} we have [p i ] p ( Z /p Z ) Since [p i ] p = α logα[pi]p we have p i a logα[pi]p (mod p) First we attempt to calculate log α [p i ] p for i {1 r} This can be done as follows: Find x j Z such that α xj [p i ] p 1 i r That is the number a xj (mod p) factorizes in primes contained in B Say a xj p a1j 1 p aj p arj r (mod p) Thus x j a 1j log α [p 1 ] p + a j log α [p ] p + + a rj log α [p r ] p (mod p 1) where the values af a ij are determined from the factorization in primes of a xj (mod p) If one can find enough of these numbers x j such that the euations are linear independent then one can solve the system of linear linear euations and find log α [p i ] p for i {1 r} Next find an s Z such that α s [p i ] p 1 i r That is the number ba s (mod p) factorizes in primes contained in B Say ba s p b1 1 pb pbr r (mod p) Thus x + s b 1 log α [p 1 ] p + b log α [p ] p + + b r log α [p r ] p (mod p 1) where b 1 b b r Z are determined from the factorization in primes of ba s (mod p) Hence x can be determined Let p = α = [5] and = [9451] Let B = { 3 5 7} We have Let x 1 = 4063 then (mod 10007) and 4 = 3 7 Let x = 5136 then (mod 10007) and 54 = 3 3 Let x 3 = 9865 then (mod 10007) and 189 = Let x 4 = 1 then (mod 10007) and 5 = 5 1 To simplify notation let log 5 s = log [5]10007 [s] for s Z with gcd(10007 s) = 1 Hence 4063 log 5 + log log 5 7 (mod 10006) 5136 log log 5 3 (mod 10006) log log 5 7 (mod 10006) 1 log 5 5 (mod 10006)

7 CRYPTOGRAPHY 5 Solving the linear system gives log 5 = log 5 3 = 6190 log 5 5 = 1 and log 5 7 = 1301 Take s = 7736 then (mod 10007) and 8400 = Hence It follows that x = Shank s Algorithm x log log log log 5 7 (mod 10006) Let p be a prime number and α a generator of ( Z /p Z ) so o(α) = p 1 Given ( Z /p Z ) the method calculates the discrete logarithm Recall that it sufices to find the number modulo p 1 The algorithm is based on the following observation: Lemma 53 Let p be a prime number m = p α a generator of ( Z /p Z ) and ( Z /p Z ) Then there exist k r Z with 0 k r m 1 such that α mk = α r Proof Suppose = α x with 0 x p 1 Let m = p Then x = mk + r for some k r Z with 0 r m 1 If k m then x = mk + r m + r m p > p 1 a contradiction So 0 k r m 1 Now = α x = α mk+r = α mk α r so α mk = α r Shank s Algorithm: Let L 1 = {(j α jm ) 0 j m 1} and L = {(i α i ) 0 i m 1} Sort the lists according to the second coordinate Find (j 0 y) L 1 and (i 0 y) L (that is find a pair in L 1 and one in L that have the same second coordinate) Then log α mj 0 + i 0 (mod (p 1)) The lemma shows that at least one such a pair (j 0 y) L 1 and (i 0 y) L exists Moreover for such a pair we have y = α j0m = α i0 That is α j0m α i0 = hence α mj0+i0 = = α x Thus we have x mj 0 + i 0 (mod (p 1)) Let p = 97 and α = [5] 97 hence m = 10 We compute the discrete logarithm of = [34] 97 j ([5] 97 ) 10j i [34] 97 ([5] 97 ) i 0 [1] 97 0 [34] 97 1 [53] 97 1 [65] 97 [93] 97 [13] 97 3 [79] 97 3 [] 97 4 [16] 97 4 [8] 97 5 [7] 97 5 [94] 97 6 [33] 97 6 [77] 97 7 [3] 97 7 [93] 97 8 [6] 97 8 [8] 97 9 [85] 97 9 [7] 97 We see that the second entry of the two lists coincide for j = and i = 7 so log α = 7

Discrete Logarithm Problem

Discrete Logarithm Problem Discrete Logarithm Problem Finite Fields The finite field GF(q) exists iff q = p e for some prime p. Example: GF(9) GF(9) = {a + bi a, b Z 3, i 2 = i + 1} = {0, 1, 2, i, 1+i, 2+i, 2i, 1+2i, 2+2i} Addition:

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots

More information

Lecture Notes, Week 6

Lecture Notes, Week 6 YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several

More information

Lecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography

Lecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies

More information

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015 L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm

More information

CPSC 467: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from

More information

Chapter 8 Public-key Cryptography and Digital Signatures

Chapter 8 Public-key Cryptography and Digital Signatures Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital

More information

CRYPTOGRAPHY AND NUMBER THEORY

CRYPTOGRAPHY AND NUMBER THEORY CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We

More information

Public-Key Cryptosystems CHAPTER 4

Public-Key Cryptosystems CHAPTER 4 Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:

More information

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication

More information

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How

More information

Lecture 28: Public-key Cryptography. Public-key Cryptography

Lecture 28: Public-key Cryptography. Public-key Cryptography Lecture 28: Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies on the fact that the adversary does not have access

More information

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 33 The Diffie-Hellman Problem

More information

Practice Assignment 2 Discussion 24/02/ /02/2018

Practice Assignment 2 Discussion 24/02/ /02/2018 German University in Cairo Faculty of MET (CSEN 1001 Computer and Network Security Course) Dr. Amr El Mougy 1 RSA 1.1 RSA Encryption Practice Assignment 2 Discussion 24/02/2018-29/02/2018 Perform encryption

More information

b = 10 a, is the logarithm of b to the base 10. Changing the base to e we obtain natural logarithms, so a = ln b means that b = e a.

b = 10 a, is the logarithm of b to the base 10. Changing the base to e we obtain natural logarithms, so a = ln b means that b = e a. INTRODUCTION TO CRYPTOGRAPHY 5. Discrete Logarithms Recall the classical logarithm for real numbers: If we write b = 10 a, then a = log 10 b is the logarithm of b to the base 10. Changing the base to e

More information

Elliptic Curves. Giulia Mauri. Politecnico di Milano website:

Elliptic Curves. Giulia Mauri. Politecnico di Milano   website: Elliptic Curves Giulia Mauri Politecnico di Milano email: giulia.mauri@polimi.it website: http://home.deib.polimi.it/gmauri May 13, 2015 Giulia Mauri (DEIB) Exercises May 13, 2015 1 / 34 Overview 1 Elliptic

More information

Introduction to Modern Cryptography. Benny Chor

Introduction to Modern Cryptography. Benny Chor Introduction to Modern Cryptography Benny Chor RSA: Review and Properties Factoring Algorithms Trapdoor One Way Functions PKC Based on Discrete Logs (Elgamal) Signature Schemes Lecture 8 Tel-Aviv University

More information

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0

More information

Lecture 1: Introduction to Public key cryptography

Lecture 1: Introduction to Public key cryptography Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means

More information

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Intro to Public Key Cryptography Diffie & Hellman Key Exchange Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary - Math Part

More information

Lecture 7: ElGamal and Discrete Logarithms

Lecture 7: ElGamal and Discrete Logarithms Lecture 7: ElGamal and Discrete Logarithms Johan Håstad, transcribed by Johan Linde 2006-02-07 1 The discrete logarithm problem Recall that a generator g of a group G is an element of order n such that

More information

Public Key Cryptography

Public Key Cryptography Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:

More information

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m. Final Exam Math 10: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 0 April 2002 :0 11:00 a.m. Instructions: Please be as neat as possible (use a pencil), and show

More information

10 Public Key Cryptography : RSA

10 Public Key Cryptography : RSA 10 Public Key Cryptography : RSA 10.1 Introduction The idea behind a public-key system is that it might be possible to find a cryptosystem where it is computationally infeasible to determine d K even if

More information

Question: Total Points: Score:

Question: Total Points: Score: University of California, Irvine COMPSCI 134: Elements of Cryptography and Computer and Network Security Midterm Exam (Fall 2016) Duration: 90 minutes November 2, 2016, 7pm-8:30pm Name (First, Last): Please

More information

Public Key Encryption

Public Key Encryption Public Key Encryption KG October 17, 2017 Contents 1 Introduction 1 2 Public Key Encryption 2 3 Schemes Based on Diffie-Hellman 3 3.1 ElGamal.................................... 5 4 RSA 7 4.1 Preliminaries.................................

More information

Introduction to Modern Cryptography. Benny Chor

Introduction to Modern Cryptography. Benny Chor Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the

More information

Mathematics of Cryptography

Mathematics of Cryptography UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms

More information

Elliptic curves: Theory and Applications. Day 4: The discrete logarithm problem.

Elliptic curves: Theory and Applications. Day 4: The discrete logarithm problem. Elliptic curves: Theory and Applications. Day 4: The discrete logarithm problem. Elisa Lorenzo García Université de Rennes 1 14-09-2017 Elisa Lorenzo García (Rennes 1) Elliptic Curves 4 14-09-2017 1 /

More information

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit

More information

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1). 1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not

More information

MATH 158 FINAL EXAM 20 DECEMBER 2016

MATH 158 FINAL EXAM 20 DECEMBER 2016 MATH 158 FINAL EXAM 20 DECEMBER 2016 Name : The exam is double-sided. Make sure to read both sides of each page. The time limit is three hours. No calculators are permitted. You are permitted one page

More information

8 Elliptic Curve Cryptography

8 Elliptic Curve Cryptography 8 Elliptic Curve Cryptography 8.1 Elliptic Curves over a Finite Field For the purposes of cryptography, we want to consider an elliptic curve defined over a finite field F p = Z/pZ for p a prime. Given

More information

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups Great Theoretical Ideas in CS V. Adamchik CS 15-251 Upcoming Interview? Lecture 24 Carnegie Mellon University Cryptography and RSA How the World's Smartest Company Selects the Most Creative Thinkers Groups

More information

Introduction to Cryptography. Lecture 8

Introduction to Cryptography. Lecture 8 Introduction to Cryptography Lecture 8 Benny Pinkas page 1 1 Groups we will use Multiplication modulo a prime number p (G, ) = ({1,2,,p-1}, ) E.g., Z 7* = ( {1,2,3,4,5,6}, ) Z p * Z N * Multiplication

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security Outline Quadratic residues Useful tests Digital Signatures CPSC 467b: Cryptography and Computer Security Lecture 14 Michael J. Fischer Department of Computer Science Yale University March 1, 2010 Michael

More information

The Elliptic Curve in https

The Elliptic Curve in https The Elliptic Curve in https Marco Streng Universiteit Leiden 25 November 2014 Marco Streng (Universiteit Leiden) The Elliptic Curve in https 25-11-2014 1 The s in https:// HyperText Transfer Protocol

More information

Public Key Algorithms

Public Key Algorithms Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/

More information

Sharing a Secret in Plain Sight. Gregory Quenell

Sharing a Secret in Plain Sight. Gregory Quenell Sharing a Secret in Plain Sight Gregory Quenell 1 The Setting: Alice and Bob want to have a private conversation using email or texting. Alice Bob 2 The Setting: Alice and Bob want to have a private conversation

More information

Number theory (Chapter 4)

Number theory (Chapter 4) EECS 203 Spring 2016 Lecture 12 Page 1 of 8 Number theory (Chapter 4) Review Compute 6 11 mod 13 in an efficient way What is the prime factorization of 100? 138? What is gcd(100, 138)? What is lcm(100,138)?

More information

Carmen s Core Concepts (Math 135)

Carmen s Core Concepts (Math 135) Carmen s Core Concepts (Math 135) Carmen Bruni University of Waterloo Week 8 1 The following are equivalent (TFAE) 2 Inverses 3 More on Multiplicative Inverses 4 Linear Congruence Theorem 2 [LCT2] 5 Fermat

More information

One can use elliptic curves to factor integers, although probably not RSA moduli.

One can use elliptic curves to factor integers, although probably not RSA moduli. Elliptic Curves Elliptic curves are groups created by defining a binary operation (addition) on the points of the graph of certain polynomial equations in two variables. These groups have several properties

More information

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The

More information

Discrete Mathematics GCD, LCM, RSA Algorithm

Discrete Mathematics GCD, LCM, RSA Algorithm Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common

More information

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory

More information

14 Diffie-Hellman Key Agreement

14 Diffie-Hellman Key Agreement 14 Diffie-Hellman Key Agreement 14.1 Cyclic Groups Definition 14.1 Example Let д Z n. Define д n = {д i % n i Z}, the set of all powers of д reduced mod n. Then д is called a generator of д n, and д n

More information

CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.

CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment. CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES A selection of the following questions will be chosen by the lecturer to form the Cryptology Assignment. The Cryptology Assignment is due by 5pm Sunday 1

More information

9 Knapsack Cryptography

9 Knapsack Cryptography 9 Knapsack Cryptography In the past four weeks, we ve discussed public-key encryption systems that depend on various problems that we believe to be hard: prime factorization, the discrete logarithm, and

More information

Evidence that the Diffie-Hellman Problem is as Hard as Computing Discrete Logs

Evidence that the Diffie-Hellman Problem is as Hard as Computing Discrete Logs Evidence that the Diffie-Hellman Problem is as Hard as Computing Discrete Logs Jonah Brown-Cohen 1 Introduction The Diffie-Hellman protocol was one of the first methods discovered for two people, say Alice

More information

Candidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.

Candidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used. UNIVERSITY OF EAST ANGLIA School of Mathematics May/June UG Examination 2010 2011 CRYPTOGRAPHY Time allowed: 2 hours Attempt THREE questions. Candidates must show on each answer book the type of calculator

More information

Other Public-Key Cryptosystems

Other Public-Key Cryptosystems Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

Exam Security January 19, :30 11:30

Exam Security January 19, :30 11:30 Exam Security January 19, 2016. 8:30 11:30 You can score a maximum of 100. Each question indicates how many it is worth. You are NOT allowed to use books or notes, or a (smart) phone. You may answer in

More information

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 30 October 2018

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 30 October 2018 Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 30 October 2018 Name : TU/e student number : Exercise 1 2 3 4 5 total points Notes: Please hand in all sheets at the end of the exam.

More information

Classical Cryptography

Classical Cryptography Classical Cryptography CSG 252 Fall 2006 Riccardo Pucella Goals of Cryptography Alice wants to send message X to Bob Oscar is on the wire, listening to communications Alice and Bob share a key K Alice

More information

Eindhoven University of Technology MASTER. Kleptography cryptography with backdoors. Antheunisse, M. Award date: 2015

Eindhoven University of Technology MASTER. Kleptography cryptography with backdoors. Antheunisse, M. Award date: 2015 Eindhoven University of Technology MASTER Kleptography cryptography with backdoors Antheunisse, M. Award date: 2015 Disclaimer This document contains a student thesis (bachelor's or master's), as authored

More information

RSA. Ramki Thurimella

RSA. Ramki Thurimella RSA Ramki Thurimella Public-Key Cryptography Symmetric cryptography: same key is used for encryption and decryption. Asymmetric cryptography: different keys used for encryption and decryption. Public-Key

More information

Encryption: The RSA Public Key Cipher

Encryption: The RSA Public Key Cipher Encryption: The RSA Public Key Cipher Michael Brockway March 5, 2018 Overview Transport-layer security employs an asymmetric public cryptosystem to allow two parties (usually a client application and a

More information

Elliptic Curve Computations (1) View the graph and an elliptic curve Graph the elliptic curve y 2 = x 3 x over the real number field R.

Elliptic Curve Computations (1) View the graph and an elliptic curve Graph the elliptic curve y 2 = x 3 x over the real number field R. Elliptic Curve Computations (1) View the graph and an elliptic curve Graph the elliptic curve y 2 = x 3 x over the real number field R. >> v = y^2 - x*(x-1)*(x+1) v = y^2 - x*(x-1)*(x+1) >> ezplot(v, [-1,3,-5,5])

More information

Notes for Lecture 17

Notes for Lecture 17 U.C. Berkeley CS276: Cryptography Handout N17 Luca Trevisan March 17, 2009 Notes for Lecture 17 Scribed by Matt Finifter, posted April 8, 2009 Summary Today we begin to talk about public-key cryptography,

More information

Chapter 4 Asymmetric Cryptography

Chapter 4 Asymmetric Cryptography Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman [NetSec/SysSec], WS 2008/2009 4.1 Asymmetric Cryptography General idea: Use two different keys -K and +K for

More information

Asymmetric Cryptography

Asymmetric Cryptography Asymmetric Cryptography Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman General idea: Use two different keys -K and +K for encryption and decryption Given a

More information

MATH3302 Cryptography Problem Set 2

MATH3302 Cryptography Problem Set 2 MATH3302 Cryptography Problem Set 2 These questions are based on the material in Section 4: Shannon s Theory, Section 5: Modern Cryptography, Section 6: The Data Encryption Standard, Section 7: International

More information

Lecture 11: Key Agreement

Lecture 11: Key Agreement Introduction to Cryptography 02/22/2018 Lecture 11: Key Agreement Instructor: Vipul Goyal Scribe: Francisco Maturana 1 Hardness Assumptions In order to prove the security of cryptographic primitives, we

More information

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each

More information

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups

More information

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017 CSC 580 Cryptography and Computer Security Math for Public Key Crypto, RSA, and Diffie-Hellman (Sections 2.4-2.6, 2.8, 9.2, 10.1-10.2) March 21, 2017 Overview Today: Math needed for basic public-key crypto

More information

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm Review CS311H: Discrete Mathematics Number Theory Instructor: Işıl Dillig What does it mean for two ints a, b to be congruent mod m? What is the Division theorem? If a b and a c, does it mean b c? What

More information

Ma/CS 6a Class 1. Course Details

Ma/CS 6a Class 1. Course Details Ma/CS 6a Class 1 By Adam Sheffer Course Details Adam Sheffer. adamsh@caltech.edu 1:00 Monday, Wednesday, and Friday. http://www.math.caltech.edu/~2014-15/1term/ma006a/ 1 Course Structure No exam! Grade

More information

Winter 2011 Josh Benaloh Brian LaMacchia

Winter 2011 Josh Benaloh Brian LaMacchia Winter 2011 Josh Benaloh Brian LaMacchia Fun with Public-Key Tonight we ll Introduce some basic tools of public-key crypto Combine the tools to create more powerful tools Lay the ground work for substantial

More information

CHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 11 April 2017, 8:30-12:30

CHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 11 April 2017, 8:30-12:30 CHALMERS GÖTEBORGS UNIVERSITET CRYPTOGRAPHY TDA35 (Chalmers) - DIT50 (GU) 11 April 017, 8:30-1:30 No extra material is allowed during the exam except for pens and a simple calculator (not smartphones).

More information

Solution to Midterm Examination

Solution to Midterm Examination YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Handout #13 Xueyuan Su November 4, 2008 Instructions: Solution to Midterm Examination This is a closed book

More information

Public-key Cryptography and elliptic curves

Public-key Cryptography and elliptic curves Public-key Cryptography and elliptic curves Dan Nichols nichols@math.umass.edu University of Massachusetts Oct. 14, 2015 Cryptography basics Cryptography is the study of secure communications. Here are

More information

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2 Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number

More information

Elliptic Curve Cryptography with Derive

Elliptic Curve Cryptography with Derive Elliptic Curve Cryptography with Derive Johann Wiesenbauer Vienna University of Technology DES-TIME-2006, Dresden General remarks on Elliptic curves Elliptic curces can be described as nonsingular algebraic

More information

Cryptography. P. Danziger. Transmit...Bob...

Cryptography. P. Danziger. Transmit...Bob... 10.4 Cryptography P. Danziger 1 Cipher Schemes A cryptographic scheme is an example of a code. The special requirement is that the encoded message be difficult to retrieve without some special piece of

More information

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers Number Theory: Applications Number Theory Applications Computer Science & Engineering 235: Discrete Mathematics Christopher M. Bourke cbourke@cse.unl.edu Results from Number Theory have many applications

More information

CPSC 467: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 14 October 23, 2017 CPSC 467, Lecture 14 1/42 Computing in Z n Modular multiplication Modular inverses Extended Euclidean algorithm

More information

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes. INTEGERS PETER MAYR (MATH 2001, CU BOULDER) In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes. 1. Divisibility Definition. Let a, b

More information

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS Modular arithmetics that we have discussed in the previous lectures is very useful in Cryptography and Computer Science. Here we discuss several

More information

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS 1 C Theme : Cryptography Instructor : Prof. C Pandu Rangan Speaker : Arun Moorthy 93115 CS 2 RSA Cryptosystem Outline of the Talk! Introduction to RSA! Working of the RSA system and associated terminology!

More information

RSA RSA public key cryptosystem

RSA RSA public key cryptosystem RSA 1 RSA As we have seen, the security of most cipher systems rests on the users keeping secret a special key, for anyone possessing the key can encrypt and/or decrypt the messages sent between them.

More information

ECS 189A Final Cryptography Spring 2011

ECS 189A Final Cryptography Spring 2011 ECS 127: Cryptography Handout F UC Davis Phillip Rogaway June 9, 2011 ECS 189A Final Cryptography Spring 2011 Hints for success: Good luck on the exam. I don t think it s all that hard (I do believe I

More information

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction Tutorial on Quantum Computing Vwani P. Roychowdhury Lecture 1: Introduction 1 & ) &! # Fundamentals Qubits A single qubit is a two state system, such as a two level atom we denote two orthogonal states

More information

Introduction to Cybersecurity Cryptography (Part 4)

Introduction to Cybersecurity Cryptography (Part 4) Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message

More information

Asymmetric Encryption

Asymmetric Encryption -3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function

More information

arxiv: v3 [cs.cr] 15 Jun 2017

arxiv: v3 [cs.cr] 15 Jun 2017 Use of Signed Permutations in Cryptography arxiv:1612.05605v3 [cs.cr] 15 Jun 2017 Iharantsoa Vero RAHARINIRINA ihvero@yahoo.fr Department of Mathematics and computer science, Faculty of Sciences, BP 906

More information

Public-key Cryptography and elliptic curves

Public-key Cryptography and elliptic curves Public-key Cryptography and elliptic curves Dan Nichols University of Massachusetts Amherst nichols@math.umass.edu WINRS Research Symposium Brown University March 4, 2017 Cryptography basics Cryptography

More information

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I Number Theory: Applications Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry Fall 2007 Computer Science & Engineering 235 Introduction to Discrete Mathematics Sections 3.4 3.7 of Rosen cse235@cse.unl.edu

More information

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya BBM 205 Discrete Mathematics Hacettepe University http://web.cs.hacettepe.edu.tr/ bbm205 Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya Resources: Kenneth Rosen,

More information

Crypto math II. Alin Tomescu May 27, Abstract A quick overview on group theory from Ron Rivest s course in Spring 2015.

Crypto math II. Alin Tomescu May 27, Abstract A quick overview on group theory from Ron Rivest s course in Spring 2015. Crypto math II Alin Tomescu alinush@mit.edu May 7, 015 Abstract A quick overview on group theory from Ron Rivest s 6.857 course in Spring 015. 1 Overview Group theory review Diffie-Hellman (DH) key exchange

More information

Lecture 17: Constructions of Public-Key Encryption

Lecture 17: Constructions of Public-Key Encryption COM S 687 Introduction to Cryptography October 24, 2006 Lecture 17: Constructions of Public-Key Encryption Instructor: Rafael Pass Scribe: Muthu 1 Secure Public-Key Encryption In the previous lecture,

More information

Cryptography. pieces from work by Gordon Royle

Cryptography. pieces from work by Gordon Royle Cryptography pieces from work by Gordon Royle The set-up Cryptography is the mathematics of devising secure communication systems, whereas cryptanalysis is the mathematics of breaking such systems. We

More information

Introduction to Cybersecurity Cryptography (Part 4)

Introduction to Cybersecurity Cryptography (Part 4) Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message

More information

Public-Key Encryption: ElGamal, RSA, Rabin

Public-Key Encryption: ElGamal, RSA, Rabin Public-Key Encryption: ElGamal, RSA, Rabin Introduction to Modern Cryptography Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 Public-Key Encryption Syntax Encryption algorithm: E. Decryption

More information

Univ.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.

Univ.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m. Cryptography Univ.-Prof. Dr. rer. nat. Rudolf Mathar 1 2 3 4 15 15 15 15 60 Written Examination Cryptography Tuesday, August 29, 2017, 01:30 p.m. Name: Matr.-No.: Field of study: Please pay attention to

More information

Arithmétique et Cryptographie Asymétrique

Arithmétique et Cryptographie Asymétrique Arithmétique et Cryptographie Asymétrique Laurent Imbert CNRS, LIRMM, Université Montpellier 2 Journée d inauguration groupe Sécurité 23 mars 2010 This talk is about public-key cryptography Why did mathematicians

More information

ECE596C: Handout #11

ECE596C: Handout #11 ECE596C: Handout #11 Public Key Cryptosystems Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract In this lecture we introduce necessary mathematical background for studying

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 14, 2013 CPSC 467b, Lecture 9 1/42 Integer Division (cont.) Relatively prime numbers, Z n, and φ(n) Computing in Z n

More information

Using semidirect product of (semi)groups in public key cryptography

Using semidirect product of (semi)groups in public key cryptography Using semidirect product of (semi)groups in public key cryptography Delaram Kahrobaei City University of New York Graduate Center: PhD Program in Computer Science NYCCT: Mathematics Department University

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 6, 2012 CPSC 467b, Lecture 9 1/53 Euler s Theorem Generating RSA Modulus Finding primes by guess and check Density of

More information