KTH, NADA, D1449 Kryptografins grunder. Lecture 6: RSA. Johan Håstad, transcribed by Martin Lindkvist
1 Introduction

In an ordinary cryptosystem, encryption uses a key $K$, and decryption is performed by reversing each step of the encryption, so it uses the same key $K$. Could there be another way, where one key, $E$, is used to encrypt and another key, $D$, is used to decrypt the message? In this case decryption cannot be done by reversing each step of the encryption, and hence its correctness has to depend on some mathematical insight.

2 Fermat's little theorem

This theorem states that if $p$ is a prime then $a^{p-1} \equiv 1 \pmod{p}$ for $1 \le a \le p-1$. For example, $p = 7$ and $a = 2$ gives $2^6 = 64 \equiv 1 \pmod{7}$. Note that this does not imply that 7 is a prime and should only be taken as evidence that 7 might be prime.

3 Public Key Encryption

So we are heading for a technique where we could publish $p, e$ to encrypt and keep $d$ secret for decryption. To be able to do this we have three requirements that need to be fulfilled:

1. Easy to create keys.
2. Easy to encrypt/decrypt.
3. Hard to decipher given the public key $(p, e)$.
Let us try an example relying on Fermat's little theorem. Set $ed = 2(p-1) + 1 = 2p - 1$ where $p$ is a prime. Then we could get the encryption $C$ of the message $M$ by $C = M^e \pmod{p}$, and we could decrypt it with $C^d$ because $C^d = M^{ed} = M^{2(p-1)+1} = M \pmod{p}$. This would not be so great though, because if we know $e$ and $p$ then a simple division is sufficient to find $d$. So with this method our third requirement is not fulfilled. Let us be more liberal and only require that $ed \equiv 1 \pmod{p-1}$. Decryption still works and, at first sight, it is not obvious how to compute $d$ from $e$ and $p$. Before we discuss this construction let us take a detour.

4 How to find primes?

The method for Public Key Encryption that we decided to use above is based on large primes. Therefore it is necessary that we know a good way of finding large primes. The Miller-Rabin primality test works in time $O((\log p)^3)$ and determines whether $p$ is a prime or not. It is very similar to the simpler Fermat primality test.

4.1 The Fermat primality test

Fermat's little theorem stated that if $p$ is a prime then $a^{p-1} \equiv 1 \pmod{p}$ for $1 \le a \le p-1$. So if we want to test if $p$ is a prime then we can choose random $a$'s in the interval and see if the equality holds. If it does hold for many $a$'s then we can be pretty sure that $p$ is a prime. This works for almost all numbers. The Miller-Rabin test is a slight extension that does work for all numbers, but we do not give the details here.

4.2 How to compute $a^{p-1}$

This is not trivial for big primes but there is a shortcut. Suppose p and a > 2. How big is $a^{p-1}$? It's as big as and has decimals which is too big. But we now make an important observation: the powers $a, a^2, a^3, a^4, \ldots, a^{p-1}$ (all mod $p$) are not all needed in order to determine $a^{p-1}$. For example, $a^4 = (a^2)^2 \pmod{p}$, which saves us some work, and $a^8 = (a^4)^2 \pmod{p}$ saves us even more, and so on. It turns out that we only need $2 \log p$ multiplications (mod $p$) to compute $a^{p-1} \pmod{p}$.
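The repeated-squaring shortcut from Section 4.2 and the Fermat test from Section 4.1, as an added Python example that is not part of the lecture notes. The function names are illustrative, and 561 = 3 · 11 · 17 is a constructed input: a composite that satisfies the Fermat equality for every base coprime to it, which is the gap the Miller-Rabin extension closes.

```python
import random


def power_mod(a, n, p):
    """Compute a**n mod p by repeated squaring.

    Returns (value, mults) where mults is the number of modular
    multiplications performed; it never exceeds 2 * n.bit_length().
    """
    result, base, mults = 1, a % p, 0
    while n > 0:
        if n & 1:                      # this bit of the exponent is set
            result = (result * base) % p
            mults += 1
        n >>= 1
        if n:                          # a^(2^i) -> a^(2^(i+1)), as in a^4 = (a^2)^2
            base = (base * base) % p
            mults += 1
    return result, mults


def fermat_test(p, rounds=20, rng=random):
    """Fermat primality test with random bases.

    False means p is certainly composite; True means p passed every round
    and is probably prime.
    """
    if p < 4:
        return p in (2, 3)
    for _ in range(rounds):
        a = rng.randrange(2, p - 1)    # random base in [2, p-2]
        value, _ = power_mod(a, p - 1, p)
        if value != 1:
            return False               # a is a witness that p is composite
    return True


def fermat_liars(n):
    """Count the bases a in [1, n-1] with a^(n-1) = 1 (mod n)."""
    return sum(1 for a in range(1, n) if power_mod(a, n - 1, n)[0] == 1)


if __name__ == "__main__":
    p = 2**127 - 1                     # a known (Mersenne) prime
    value, mults = power_mod(3, p - 1, p)
    print("3^(p-1) mod p =", value, "using", mults, "multiplications")
    print("Fermat test on p:", fermat_test(p))
    # An ordinary composite: only 4 of the 14 bases satisfy the equality.
    print("liars for 15:", fermat_liars(15))
    # 561 is composite, yet all 320 bases coprime to it satisfy the equality.
    print("liars for 561:", fermat_liars(561))
```

For the 127-bit prime the exponentiation needs at most 254 multiplications, in line with the $2 \log p$ bound stated above.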
5 Returning to encryption

Let us return to the suggestion above of using $e$ and $d$ such that $ed \equiv 1 \pmod{p-1}$. It turns out that it is easy to compute $d$ from $e$ and $p$. We use the Euclidean algorithm, which computes the GCD (Greatest Common Divisor). With the Extended Euclidean algorithm we get, apart from the GCD, also useful co-factors. We run GCD($e$, $p-1$), which will tell us that the greatest common divisor is 1, but we also get two integers $x$ and $y$ such that $xe + y(p-1) = 1$, and we can set $d = x$. A small example will probably make this clearer. Given $p = 67$ and $e = 17$, compute $d$. We have $p - 1 = 67 - 1 = 66$. The Euclidean algorithm gives us:

$66 = 3 \cdot 17 + 15$
$17 = 1 \cdot 15 + 2$
$15 = 7 \cdot 2 + 1$

Walk up the road...

$1 = 15 - 7 \cdot 2 = 15 - 7(17 - 15) = 8 \cdot 15 - 7 \cdot 17 = 8(66 - 3 \cdot 17) - 7 \cdot 17 = 8 \cdot 66 - 31 \cdot 17$

Since $-31 \equiv 35 \pmod{66}$ we get $d = 35$, and indeed $17 \cdot 35 \equiv 1 \pmod{66}$.

To make it more difficult to find $d$ we work modulo composite numbers instead of modulo primes and get the following description of the famous RSA encryption scheme:

1. Find primes p and q ( ).
2. Choose $e$ with GCD($e$, $(p-1)(q-1)$) = 1.
3. Compute $d$ where $de \equiv 1 \pmod{(p-1)(q-1)}$ by using the Euclidean algorithm.
4. Publish $N$ and $e$ ($N = pq$, but $p$ and $q$ must of course be kept safe).

To encrypt the message ($M$) to the cipher ($C$) we take $M$ to the power of $e$. For decryption we take $C$ to the power of $d$ to get back to $M$:
Encryption: $C = M^e \pmod{N}$
Decryption: $M = C^d \pmod{N}$

To see that the decryption is correct, assume that the answer is $M'$ and remember that $ed \equiv 1 \pmod{p-1}$, which implies that $ed = 1 + k(p-1)$ for some integer $k$, and hence

$M' = C^d = M^{ed} = M^{k(p-1)+1} = M (M^{p-1})^k = M \pmod{p}$

and similarly mod $q$. This implies that $M' - M$ is divisible by $p$ and $q$ and hence by $N$, and we conclude that $M' = M \pmod{N}$ and decryption is correct.

When using RSA for long messages we encrypt block by block, where a block $M_i$ satisfies $1 \le M_i < N$ and thus has about as many bits as $N$. In practice RSA is only used to encrypt a key that can be used to encrypt a message in another, symmetric cipher (like AES for example). This is because RSA is much slower.

5.1 Security of RSA

The security of this cipher basically depends on two things:

1. How hard is factoring? If we find $p$ and $q$ we can surely find $d$.
2. Do we really need to factor in order to break RSA?

There exist several ways of factoring $N$, and they are not all as fast as we would like them to be. Suppose N which is about 155 decimal digits.

1. Trial Division. Works in time $\sqrt{N}$, which for our example gives about operations and that is very inefficient.
2. Pollard-ρ. Works in time $\sqrt{p}$ where $p$ is the smallest prime factor. This takes about operations in our example, which also is too inefficient.
3. Quadratic Sieve. Works in time $2^{c\sqrt{\log N \log\log N}}$; this is not enough for 512 bits either but it works for digits.
4. Number Field Sieve. Works in time $2^{c(\log N)^{1/3}(\log\log N)^{2/3}}$. With this algorithm we would find the factors of a 512-bit integer in about a week with pretty good computer power. The official world record is factoring a number with 200 digits with this algorithm.
Quantum computers are very good at factorization ($(\log N)^3$), so if they would become reality that would be a real threat to RSA.

Regarding the other question about the security of RSA, whether we really need to factor $N$ to decrypt RSA, nobody knows the answer. What we do know is that if we want to find $d$ then this is essentially as hard as factoring. Let us briefly see why this is the case by giving a procedure that factors $N$ given $d$. We know that $ed - 1$ is a multiple of $(p-1)(q-1)$ and hence by Fermat's little theorem $a^{ed-1} \equiv 1 \pmod{N}$. Now write $ed - 1 = 2^t U$ where $U$ is odd. Consider the sequence

$a^U, a^{2U}, a^{4U}, \ldots, a^{2^t U}$. (1)

It ends in a one and each number is the square of the previous number. Now the equation $x^2 = 1 \pmod{N}$ only has the solutions $\pm 1$ iff $N$ is prime. However, if $N = p \cdot q$ then we have four solutions, as

$x^2 = 1 \pmod{p} \Leftrightarrow x = \pm 1 \pmod{p}$
$x^2 = 1 \pmod{q} \Leftrightarrow x = \pm 1 \pmod{q}$,

and we can combine the two pairs in any way we want. In particular, if $N = 15$ then the four solutions are 1, 4, 11 and 14. For example, $4 = 1 \pmod{3}$ and $4 = -1 \pmod{5}$. For one of the interesting solutions (i.e. not $\pm 1$) it turns out that GCD($N$, $x - 1$) gives a nontrivial factor of $N$. One can prove that the above sequence (1) contains such an interesting solution with probability at least one half.

5.2 How to choose e? (and d)

We have two alternatives:

Choose $e$, calculate $d$ using GCD($e$, $(p-1)(q-1)$), or
Choose $d$, calculate $e$ using GCD($d$, $(p-1)(q-1)$).

Small numbers give fast calculations, as computing $C = M^e$ takes about $\log e$ operations, and thus it might be tempting to use a small $e$ (or $d$). Having $d$ really small is clearly bad as it can be guessed. One can even prove that a mid-size $d$ is bad as well: in fact, for $d$ as large as $N^{1/4}$, $d$ can be efficiently found from the continued fraction expansion of the number $e/N$. We skip the details. Having $e$ really small might be slightly dangerous in some situations, but no one knows how to find $M$ from $M^3 \pmod{N}$ if $M$ is chosen randomly. A weakness with this arises if we have small messages. If $M$ is small (for example a symmetric key) so that $M^3 < N$, then $M^3 \pmod{N} = M^3$, and cube roots are simple to calculate over the integers.
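The procedure from Section 5.1 for factoring $N$ once $d$ is known, as an added Python example that is not part of the lecture notes. The key is constructed for illustration (the Mersenne primes $2^{31}-1$ and $2^{61}-1$ with $e = 65537$), and the function and constant names are assumptions of this example.

```python
import math
import random

# Constructed sample key (illustration only, far too small for real use).
P = 2**31 - 1                      # Mersenne prime
Q = 2**61 - 1                      # Mersenne prime
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # ed = 1 mod (p-1)(q-1); needs Python 3.8+


def factor_from_private_exponent(n, e, d, rng=random, max_tries=100):
    """Return (p, q), p <= q, with p * q == n, using only n, e and d.

    Follows the lecture's procedure: write ed - 1 = 2^t * U with U odd and
    walk the sequence a^U, a^(2U), ..., a^(2^t U) (mod n) looking for a
    square root of 1 that is neither +1 nor -1.
    """
    u, t = e * d - 1, 0
    while u % 2 == 0:              # strip factors of two: ed - 1 = 2^t * u
        u //= 2
        t += 1

    for _ in range(max_tries):
        a = rng.randrange(2, n - 1)
        g = math.gcd(a, n)
        if g > 1:                  # lucky guess: a already shares a factor
            return tuple(sorted((g, n // g)))

        x = pow(a, u, n)
        if x in (1, n - 1):
            continue               # sequence is trivial for this a
        for _ in range(t):
            y = (x * x) % n
            if y == 1:
                # x^2 = 1 with x != +-1: an "interesting" solution.
                p = math.gcd(x - 1, n)
                return tuple(sorted((p, n // p)))
            if y == n - 1:
                break              # sequence passes through -1; try another a
            x = y
    raise ValueError("no factor found; is d really the inverse of e?")


def interesting_roots(n):
    """All x in [1, n-1] with x^2 = 1 (mod n), by brute force (small n only)."""
    return [x for x in range(1, n) if (x * x) % n == 1]


if __name__ == "__main__":
    print("square roots of 1 mod 15:", interesting_roots(15))
    print("gcd(15, 4 - 1) =", math.gcd(15, 4 - 1))
    print("recovered factors:", factor_from_private_exponent(N, E, D))
```

Each random base succeeds with probability at least one half, as stated above, so a handful of tries is enough in practice.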
5.3 Weakness

There are a few known weaknesses in RSA; here are some of them:

1. If we have an encryption of $M$ we can easily create an encryption of $2M$: $(2M)^e = 2^e M^e$.
2. We can guess what the message is and then encrypt it ourselves and see if we were right.

Both of these problems can be solved with padding. A fixed padding solves the first weakness and a random padding solves the second.

In practice there is another way to attack RSA. By timing the decryption we can get some information. We can definitely compute the number of 1's in $d$, and we can even compute exactly what $d$ is. A couple of thousand decryptions are enough to compute $d$. The cure for this is to put some dummy operations into the decryption implementation. A similar attack is to monitor the power used by a device doing decryption, but this problem is also solved with dummy operations.

6 Chinese Remainder Theorem (CRT)

This theorem states that if $N = \prod_{i=1}^{r} p_i$ where the $p_i$ are primes (or at least co-prime), then the system $x = x_i \pmod{p_i}$, where $i = 1, 2, \ldots, r$, is uniquely and efficiently solvable by a number $x$ modulo $N$. Let us be slightly more explicit when we have two factors, i.e. $N = p_1 p_2$ and we want to solve

$x = x_1 \pmod{p_1}$
$x = x_2 \pmod{p_2}$

We claim that we can find the solution as $x = U_1 x_1 + U_2 x_2 \pmod{N}$, where

$U_1 = 1 \pmod{p_1}$, $U_1 = 0 \pmod{p_2}$
$U_2 = 0 \pmod{p_1}$, $U_2 = 1 \pmod{p_2}$.
To see that this is correct let us check the equation modulo $p_1$. We have

$x = x_1 U_1 + x_2 U_2 = x_1 \cdot 1 + x_2 \cdot 0 = x_1 \pmod{p_1}$

and equality modulo $p_2$ can be checked in a similar way. To find $U_1$ and $U_2$ we use the Extended Euclidean Algorithm computing GCD($p_1$, $p_2$), which gives us numbers $a$ and $b$ such that $1 = a p_1 + b p_2$, and we can set $U_2 = a p_1$ and $U_1 = b p_2$. All these operations are in fact extremely efficient and in particular are much faster than an RSA encryption or decryption.

With help from the CRT we can speed up the decryption of RSA as follows. As a first idea we can compute the result mod $p$ and mod $q$ separately, i.e. merge the results of $C^d \pmod{p}$ and $C^d \pmod{q}$. This will require twice as many operations, as we need to compute two exponentiations. However, as partial results need only be calculated modulo $p$ and modulo $q$ respectively, these operations are done with numbers of only half as many bits, and hence each multiplication costs only a fourth of what it costs for full-size numbers. As CRT is almost for free we gain a factor of about 2 in running time.

We can be even smarter and calculate better decryption exponents. When computing the result mod $p$ we can use an exponent $d_1$ such that $C^{d_1} = M \pmod{p}$, i.e. it is enough that $e d_1 = 1 \pmod{p-1}$, and hence $d_1$ need only be as large as $p$. Similarly we compute a decryption exponent $d_2$ such that $e d_2 = 1 \pmod{q-1}$. We get that $d_1$ and $d_2$ now have half as many bits as $d$, and we gain an additional factor of two.
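Key generation with the Extended Euclidean algorithm (Section 5) and CRT decryption with the short exponents $d_1$, $d_2$ (Section 6), as an added Python example that is not part of the lecture notes. The primes, $e = 65537$, the message and all function names are constructed for illustration; no padding is applied, so this is textbook RSA only.

```python
def extended_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) and x*a + y*b = g."""
    x0, y0, x1, y1 = 1, 0, 0, 1        # invariants: a = x0*A + y0*B, b = x1*A + y1*B
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(e, m):
    """Return d in [0, m-1] with e*d = 1 (mod m); requires gcd(e, m) = 1."""
    g, x, _ = extended_gcd(e, m)
    if g != 1:
        raise ValueError("e is not invertible modulo m")
    return x % m


def rsa_keygen(p, q, e):
    """Build a textbook RSA key, including the CRT values from Section 6."""
    n = p * q
    d = mod_inverse(e, (p - 1) * (q - 1))
    _, a, b = extended_gcd(p, q)       # 1 = a*p + b*q
    return {
        "N": n, "e": e, "d": d, "p": p, "q": q,
        "d1": mod_inverse(e, p - 1),   # e*d1 = 1 (mod p-1)
        "d2": mod_inverse(e, q - 1),   # e*d2 = 1 (mod q-1)
        "U1": (b * q) % n,             # 1 mod p, 0 mod q
        "U2": (a * p) % n,             # 0 mod p, 1 mod q
    }


def encrypt(m, key):
    return pow(m, key["e"], key["N"])


def decrypt_plain(c, key):
    """One full-size exponentiation with the full-size exponent d."""
    return pow(c, key["d"], key["N"])


def decrypt_crt(c, key):
    """Two half-size exponentiations with d1, d2, merged with U1, U2."""
    m1 = pow(c % key["p"], key["d1"], key["p"])
    m2 = pow(c % key["q"], key["d2"], key["q"])
    return (key["U1"] * m1 + key["U2"] * m2) % key["N"]


if __name__ == "__main__":
    # The lecture's small example: p = 67, e = 17 gives d = 35.
    print("extended_gcd(17, 66) =", extended_gcd(17, 66))
    print("d for p = 67, e = 17:", mod_inverse(17, 66))

    # Constructed key from two Mersenne primes (illustration only).
    key = rsa_keygen(2**31 - 1, 2**61 - 1, 65537)
    message = 123456789012345678       # constructed message, smaller than N
    cipher = encrypt(message, key)
    print("plain decryption ok:", decrypt_plain(cipher, key) == message)
    print("CRT decryption ok:  ", decrypt_crt(cipher, key) == message)
    print("bits in d, d1, d2:  ",
          key["d"].bit_length(), key["d1"].bit_length(), key["d2"].bit_length())
```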
More informationMath.3336: Discrete Mathematics. Mathematical Induction
Math.3336: Discrete Mathematics Mathematical Induction Instructor: Dr. Blerina Xhabli Department of Mathematics, University of Houston https://www.math.uh.edu/ blerina Email: blerina@math.uh.edu Fall 2018
More informationLecture 15 & 16: Trapdoor Permutations, RSA, Signatures
CS 7810 Graduate Cryptography October 30, 2017 Lecture 15 & 16: Trapdoor Permutations, RSA, Signatures Lecturer: Daniel Wichs Scribe: Willy Quach & Giorgos Zirdelis 1 Topic Covered. Trapdoor Permutations.
More informationThe RSA Cipher and its Algorithmic Foundations
Chapter 1 The RSA Cipher and its Algorithmic Foundations The most important that is, most applied and most analyzed asymmetric cipher is RSA, named after its inventors Ron Rivest, Adi Shamir, and Len Adleman.
More informationTopics in Cryptography. Lecture 5: Basic Number Theory
Topics in Cryptography Lecture 5: Basic Number Theory Benny Pinkas page 1 1 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem: generating
More informationFactoring. there exists some 1 i < j l such that x i x j (mod p). (1) p gcd(x i x j, n).
18.310 lecture notes April 22, 2015 Factoring Lecturer: Michel Goemans We ve seen that it s possible to efficiently check whether an integer n is prime or not. What about factoring a number? If this could
More information10 Concrete candidates for public key crypto
10 Concrete candidates for public key crypto In the previous lecture we talked about public key cryptography and saw the Diffie Hellman system and the DSA signature scheme. In this lecture, we will see
More informationPublic Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.
Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each
More informationApplied Cryptography and Computer Security CSE 664 Spring 2017
Applied Cryptography and Computer Security Lecture 11: Introduction to Number Theory Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline What we ve covered so far: symmetric
More informationMy brief introduction to cryptography
My brief introduction to cryptography David Thomson dthomson@math.carleton.ca Carleton University September 7, 2013 introduction to cryptography September 7, 2013 1 / 28 Outline 1 The general framework
More informationBiomedical Security. Some Security News 9/17/2018. Erwin M. Bakker. Blockchains are not safe for voting (slashdot.org) : From: paragonie.
Biomedical Security Erwin M. Bakker Some Security News From: NYTimes Blockchains are not safe for voting (slashdot.org) : From Motherboard.vice.com ECDAA: Eliptic Curve Direct Anonymous Attestation for
More informationCPSC 467b: Cryptography and Computer Security
Outline Quadratic residues Useful tests Digital Signatures CPSC 467b: Cryptography and Computer Security Lecture 14 Michael J. Fischer Department of Computer Science Yale University March 1, 2010 Michael
More informationCourse 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography
Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups
More informationPublic Key Encryption
Public Key Encryption KG October 17, 2017 Contents 1 Introduction 1 2 Public Key Encryption 2 3 Schemes Based on Diffie-Hellman 3 3.1 ElGamal.................................... 5 4 RSA 7 4.1 Preliminaries.................................
More informationLecture 3.1: Public Key Cryptography I
Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena Today s Informative/Fun Bit Acoustic Emanations http://www.google.com/search?source=ig&hl=en&rlz=&q=keyboard+acoustic+em
More informationBasic elements of number theory
Cryptography Basic elements of number theory Marius Zimand 1 Divisibility, prime numbers By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a
More information9 Modular Exponentiation and Square-Roots
9 Modular Exponentiation and Square-Roots Modular arithmetic is used in cryptography. In particular, modular exponentiation is the cornerstone of what is called the RSA system. 9. Modular Exponentiation
More informationCSc 466/566. Computer Security. 5 : Cryptography Basics
1/84 CSc 466/566 Computer Security 5 : Cryptography Basics Version: 2012/03/03 10:44:26 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian Collberg Christian
More information