Mathematical Foundations of Public-Key Cryptography

Size: px
Start display at page:

Download "Mathematical Foundations of Public-Key Cryptography"

Transcription

1 Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010)

2 Outline Review: Basic Mathematical Foundations Group Theory Number Theory Case Study: RSA Cryptosystem

3 Review: Sets A set S is an unordered collection of similar mathematical objects Duplicate objects are not double counted Suppose S 1 = {1, 2, 3, 4} and S 2 = {1, 2, 3, 4, 2}. Both sets have four elements Operations: Intersection: S 1 \ S 2 = {s 1,s 2 : s 1 2 S 1 ^ s 2 2 S 2 } Union: S 1 [ S 2 = {s 1,s 2 : s 1 2 S 1 _ s 2 2 S 2 } Cardinality: S = number of elements in S Well-known sets: N = {1, 2,...} Z = {0, ±1, ±2,...} Q = {p/q : p, q 2 Z ^ q 6= 0} R = {real numbers} C = {complex numbers}

4 Review: Relations A relation R on sets S 1,...,S N is a subset of their Cartesian product: R S 1 S N R s arity equals N (binary, n-ary) Properties: Reflexive: if for all s 2 S, s R s Symmetric: if s 1 R s 2 =) s 2 R s 1 for all s 1,s 2 2 S Transitive: if s 1 R s 2 ^ s 2 R s 3 =) s 1 R s 3 for all s 1,s 2,s 3 2 S Equivalence relation: a relation R that is reflexive, symmetric, and transitive

5 Review: Integer Division For an integer divisor d, we can write any integer n as n = d q + r, where r 2 [0,...,d 1]. As n r = d q, n r (mod d). Division by d actually partitions Z into equivalence classes w.r.t. congruence modulo d: Example 1: Odd and even integers. d =2. Every odd integer n can be written as 2 q +1for some integer q. Every even integer m can be written as 2 q 0 for some integer q 0. The equivalence classes are {..., 3, 1, 1, 3,...} and {..., 4, 2, 0, 2, 4,...}. Example 2: d =5. Notice 8 3=5 1and 23 3 = 5 4, so 23 8 (mod 5). Remainders are not unique! What are the equivalence classes? See (Knuth, 1997; Paar and Pelzl, 2010) for more details.

6 Outline Review: Basic Mathematical Foundations Group Theory Number Theory Case Study: RSA Cryptosystem

7 Groups I A group comprises a set G and an operator, which maps each pair (a, b) (where a, b 2 G) to (a b) 2 G subject to the following axioms: (Stallings, 2006): (A1) Closure: a, b 2 G =) a b 2 G; (A2) Associativity: a (b c) =(a b) c for all a, b, c 2 G; (A3) Identity element: There is an element " 2 G such that a " = " a = a for all a 2 G. (A4) Inverse element: For each a 2 G, there is an element a 0 2 G such that a a 0 = a 0 a = ". Abelian groups obey axiom (A5), commutativity: a b = b a for all a, b 2 G. Not all groups are abelian! refers to any generic operator that obeys axioms (A1) (A4)

8 Groups II Example group: S n, the set of all possible permutations of N = {1,...,n} distinct symbols, denotes permutation operation (Stallings, 2006) Permuting a permutation of N yields a permutation of N, e.g., {3, 2, 1} {1, 3, 2} = {2, 3, 1} for n =3 Associativity holds too Identity element: {1,...,n} Inverse element: permutation mapping N s current permutation to {1,...,n}

9 Rings I A ring R is an abelian group with addition and multiplication operations +, satisfying the following axioms: (Stallings, 2006) (A1) (A5) Abelian group axioms (closure under addition operator +, associativity of addition, existence of identity element 0, existence of inverse element a) (M1) Closure under multiplication: for all a, b 2 R, a b 2 R (M2) Associativity of multiplication: (a b) c = a (b c) for all a, b, c 2 R (M3) Distributive laws: a (b + c) =(a b)+(a c) for all a, b, c 2 R; (a + b) c =(a c)+(b c) for all a, b, c 2 R.

10 Rings II Commutative rings satisfy axiom (M4), commutativity of multiplication: a b = b a for all a, b 2 R Integral domains are commutative rings satisfying the following additional axioms: (M5) Multiplicative identity: There is an element 1 2 R such that a 1=1 a = a for all a 2 R (M6) No zero divisors: If a, b 2 R and a b =0, then a =0or b =0

11 Rings III Example: Ring of integers Z m = {0,...,m 1} with addition, multiplication operators +, such that, for a, b 2 Z m : (Paar and Pelzl, 2010) (1) a + b = c (mod m) (c 2 Z m ); (2) a b = d (mod m) (d 2 Z m ). If m =9, then Z 9 = {0, 1, 2, 3, 4, 5, 6, 7, 8} = 14 5 (mod 9) 6 8 = 48 3 (mod 9) Multiplicative inverse exists only for integers a 2 Z m coprime to m. For such integers, (a b) (a c) (modn) =) b c (mod n).

12 Fields A field F is a set of elements with addition and multiplication operations +, satisfying the following axioms: (A1) (M6) Integral domain axioms (M7) Multiplicative inverse: For all a 2 F (except 0), there is an element a 1 2 F such that a a 1 =(a 1 a) =1. Examples of fields: rational numbers Q, real numbers R, complex numbers C

13 Outline Review: Basic Mathematical Foundations Group Theory Number Theory Case Study: RSA Cryptosystem

14 Primality An integer n is prime if and only if n has two divisors: 1 and n. Example primes: P = {2, 3, 5, 7, 11, 13, 17, 19,...} = {p 1,p 2,...} Fundamental Theorem of Arithmetic: Every integer n>1 is either prime or can be written as a unique product of primes. Examples: 7=7 1 = = = More generally, n = p e 1 1 pe 2 2 = Y p i 2P p e i i, where e i 2{0, 1, 2,...} (1)

15 Greatest Common Divisor The greatest common divisor (GCD) of integers m and n is the largest integer d that divides both m and n. Notation: gcd(m, n) =d. If gcd(m, n) =1for integers m and n, then m and n are coprime. How do we find the GCD? Small numbers: multiply common prime factors. Example: m = 84,n= 30. m = ; n =2 3 5; gcd(m, n) =2 3=6 This approach is inefficient for large numbers

16 Euclid s Algorithm Faster algorithm to find GCD, exploits the following theorem: gcd(m, n) =gcd(n, m mod n) (m>n) PROOF: Let d = gcd(m, n). As d m and d n, we can write m = d k and n = d ` for coprime integers k, ` (k >`>0). (k `) and ` are coprime too. Then gcd(x y, y) = gcd(d (k `),d `) =d. Algorithm 1 EUCLID(m, n) 1: A m; B n 2: while B 6= 0do 3: R A mod B 4: A B 5: B R 6: return A Compute gcd(84, 30) and gcd(973, 301).

17 Extended Euclidean Algorithm If gcd(m, n) =1for positive integer m<n, there is a positive multiplicative inverse modulo m, n 1, such that n n 1 =1modm Euclidean algorithm can be extended to compute n 1 if it exists (and return gcd(m, n)) (Stallings, 2006) Algorithm 2 EXTENDED EUCLID(m, n) 1: (A 1,A 2,A 3 ) (1, 0,m); (B 1,B 2,B 3 ) (0, 1,n) 2: while true do 3: if B 3 == 0 then return A 3 // no inverse 4: if B 3 == 1 then return B 3 // B 2 = n 1 mod m 5: Q = ba 3 /B 3 c 6: (T 1,T 2,T 3 ) (A 1 Q B 1,A 2 Q B 2,A 3 Q B 3 ) 7: (A 1,A 2,A 3 ) (B 1,B 2,B 3 ) 8: (B 1,B 2,B 3 ) (T 1,T 2,T 3 )

18 Euler s Totient Function I Consider the ring Z m = {0,...,m 1}. We want to find how many integers in Z m are coprime to m, i.e., '(m). Convention: '(1) = 1. Let s compute '(5) and '(6)...

19 Euler s Totient Function II If m is prime, '(m) =(m 1). Otherwise, we need to determine m s (unique) prime factorization to compute '(m). Recall Eq. (1): m = Y p i 2P p e i i, where e i 2{0, 1, 2,...}. Let be the smallest prime larger than m ( is the n-th prime). Then '(m) = ny i=1 (p e i i p e i 1 i ). (2) Let s compute '(240) using Eq. (2)...

20 More Number Theory Theorems Fermat s Little Theorem: Let a be an integer and p be a prime. Then a p a (mod p). Equivalently, a p 1 1(modp). So we can invert a modulo p: a 1 a p 2 (mod p). Euler s Theorem: Let a and m be integers such that gcd(a, m) =1. Then a '(m) 1(modm). Notice that Euler s Theorem is a generalization of Fermat s Little Theorem (arbitrary modulus).

21 Outline Review: Basic Mathematical Foundations Group Theory Number Theory Case Study: RSA Cryptosystem

22 RSA Cryptosystem Widely used public-key (asymmetric) cryptosystem Security based on the following: it s easy to multiply large primes, but very hard to factor the product (Paar and Pelzl, 2010) Computations in integer ring Z n, where plaintext m 2 Z n RSA Encryption: Given public key (n, e) =k pub and plaintext m, the encryption function is c = E kpub (m) m e (mod n), (3) where x, y 2 Z n. RSA Decryption: Given private key (n, d) =k priv and ciphertext c, the decryption function is where x, y 2 Z n. m = D kpriv c d (mod n), (4)

23 RSA Key Generation Algorithm 3 RSA KEY GENERATION 1: Choose two large primes p and q 2: Compute n p q 3: Compute '(n) =(p 1)(q 1) 4: Select public exponent e 2{1, 2,...,'(n)} such that gcd(e, '(n)) = 1 5: Choose private exponent d such that d e 1(mod'(n)) Suppose Alice picks p =3and q =11and wants to send m =4to Bob. How would the RSA scheme work?

24 RSA in Practice This textbook RSA scheme has several weaknesses: (Paar and Pelzl, 2010) RSA encryption is deterministic Plaintext values m =0,m=1,m= 1 produce the same ciphertext values (c =0,c=1,c= 1) Attacks are possible with small plaintext and exponent values In practice, RSA encryption is combined with zero padding, salt, and message hash functions to securely transmit messages

25 RSA Digital Signatures The RSA algorithm can be repurposed for digitally signing a message m Public key k pub =(n, d), private key k priv =(n, e) Signing: Compute s = Sign kpriv (m) m d (mod n) Verification: Compute m 0 = s e mod n. If m 0 m (mod n), the signature is valid.

26 Questions & Comments? Thank you! If you find this material interesting, consider taking CSE 5473 (Introduction to Network Security) and/or CSE 5431 (Introduction to Cryptography). More to explore: (Sage Math, 2012) ( Sage-based notes on the RSA cryptosystem (van Nguyen, 2010); Free book on number theory (Stein, 2008)

27 References I Knuth, D. E. (1997). The Art of Computer Programming, volume 1. Addison-Wesley, 3rd edition. Paar, C. and Pelzl, J. (2010). Understanding Cryptography: A Textbook for Students and Practioners. Springer, 2nd edition. Sage Math (2012). Stallings, W. (2006). Cryptography and Network Security. Addison-Wesley, 4th edition. Stein, W. (2008). Elementary Number Theory: Primes, Congruences, and Secrets. Springer. van Nguyen, M. (2010). Number Theory and the RSA Cryptosystem. downloads/numtheory-crypto-1.1.pdf.

Carmen s Core Concepts (Math 135)

Carmen s Core Concepts (Math 135) Carmen s Core Concepts (Math 135) Carmen Bruni University of Waterloo Week 8 1 The following are equivalent (TFAE) 2 Inverses 3 More on Multiplicative Inverses 4 Linear Congruence Theorem 2 [LCT2] 5 Fermat

More information

Introduction to Public-Key Cryptosystems:

Introduction to Public-Key Cryptosystems: Introduction to Public-Key Cryptosystems: Technical Underpinnings: RSA and Primality Testing Modes of Encryption for RSA Digital Signatures for RSA 1 RSA Block Encryption / Decryption and Signing Each

More information

Number Theory & Modern Cryptography

Number Theory & Modern Cryptography Number Theory & Modern Cryptography Week 12 Stallings: Ch 4, 8, 9, 10 CNT-4403: 2.April.2015 1 Introduction Increasing importance in cryptography Public Key Crypto and Signatures Concern operations on

More information

Number Theory and Algebra: A Brief Introduction

Number Theory and Algebra: A Brief Introduction Number Theory and Algebra: A Brief Introduction Indian Statistical Institute Kolkata May 15, 2017 Elementary Number Theory: Modular Arithmetic Definition Let n be a positive integer and a and b two integers.

More information

Mathematics of Cryptography

Mathematics of Cryptography UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms

More information

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1). 1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not

More information

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2006 Contents 9 Introduction to Number Theory and Cryptography 1 9.1 Subgroups

More information

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives [Part 2] Asymmetric-Key Encipherment Mathematics of Cryptography Forouzan, B.A. Cryptography and Network Security (International Edition). United States: McGraw Hill, 2008. Objectives To introduce prime

More information

ECE596C: Handout #11

ECE596C: Handout #11 ECE596C: Handout #11 Public Key Cryptosystems Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract In this lecture we introduce necessary mathematical background for studying

More information

Chapter 8 Public-key Cryptography and Digital Signatures

Chapter 8 Public-key Cryptography and Digital Signatures Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital

More information

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013 RSA Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013 Recap Recap Number theory o What is a prime number? o What is prime factorization? o What is a GCD? o What does relatively prime

More information

Number Theory and Group Theoryfor Public-Key Cryptography

Number Theory and Group Theoryfor Public-Key Cryptography Number Theory and Group Theory for Public-Key Cryptography TDA352, DIT250 Wissam Aoudi Chalmers University of Technology November 21, 2017 Wissam Aoudi Number Theory and Group Theoryfor Public-Key Cryptography

More information

The security of RSA (part 1) The security of RSA (part 1)

The security of RSA (part 1) The security of RSA (part 1) The modulus n and its totient value φ(n) are known φ(n) = p q (p + q) + 1 = n (p + q) + 1 The modulus n and its totient value φ(n) are known φ(n) = p q (p + q) + 1 = n (p + q) + 1 i.e. q = (n φ(n) + 1)

More information

Lecture 3.1: Public Key Cryptography I

Lecture 3.1: Public Key Cryptography I Lecture 3.1: Public Key Cryptography I CS 436/636/736 Spring 2015 Nitesh Saxena Today s Informative/Fun Bit Acoustic Emanations http://www.google.com/search?source=ig&hl=en&rlz=&q=keyboard+acoustic+em

More information

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 8 February 1, 2012 CPSC 467b, Lecture 8 1/42 Number Theory Needed for RSA Z n : The integers mod n Modular arithmetic GCD Relatively

More information

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017 CSC 580 Cryptography and Computer Security Math for Public Key Crypto, RSA, and Diffie-Hellman (Sections 2.4-2.6, 2.8, 9.2, 10.1-10.2) March 21, 2017 Overview Today: Math needed for basic public-key crypto

More information

Iterated Encryption and Wiener s attack on RSA

Iterated Encryption and Wiener s attack on RSA Iterated Encryption Euler s function Euler s function: φ(n) = {1 x n : gcd(x, n) = 1} Theorem (Euler) If n is a positive integer and m is a positive integer coprime to n then m φ(n) mod n = 1. Iterated

More information

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory. CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L06, Steve/Courses/2011/S2/CSS322/Lectures/number.tex,

More information

Public Key Cryptography

Public Key Cryptography Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood

More information

Topics in Cryptography. Lecture 5: Basic Number Theory

Topics in Cryptography. Lecture 5: Basic Number Theory Topics in Cryptography Lecture 5: Basic Number Theory Benny Pinkas page 1 1 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem: generating

More information

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL NUMBER THEORY AND CODES Álvaro Pelayo WUSTL Talk Goal To develop codes of the sort can tell the world how to put messages in code (public key cryptography) only you can decode them Structure of Talk Part

More information

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2000 2013 Contents 9 Introduction to Number Theory 63 9.1 Subgroups

More information

Applied Cryptography and Computer Security CSE 664 Spring 2018

Applied Cryptography and Computer Security CSE 664 Spring 2018 Applied Cryptography and Computer Security Lecture 12: Introduction to Number Theory II Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline This time we ll finish the

More information

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2 Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number

More information

Lecture 1: Introduction to Public key cryptography

Lecture 1: Introduction to Public key cryptography Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means

More information

Introduction to Cybersecurity Cryptography (Part 5)

Introduction to Cybersecurity Cryptography (Part 5) Introduction to Cybersecurity Cryptography (Part 5) Prof. Dr. Michael Backes 13.01.2017 February 17 th Special Lecture! 45 Minutes Your Choice 1. Automotive Security 2. Smartphone Security 3. Side Channel

More information

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg Course 1: Remainder: RSA Université du Luxembourg September 21, 2010 Public-key encryption Public-key encryption: two keys. One key is made public and used to encrypt. The other key is kept private and

More information

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya BBM 205 Discrete Mathematics Hacettepe University http://web.cs.hacettepe.edu.tr/ bbm205 Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya Resources: Kenneth Rosen,

More information

CPSC 467: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 9 September 30, 2015 CPSC 467, Lecture 9 1/47 Fast Exponentiation Algorithms Number Theory Needed for RSA Elementary Number Theory

More information

CSC 5930/9010 Modern Cryptography: Number Theory

CSC 5930/9010 Modern Cryptography: Number Theory CSC 5930/9010 Modern Cryptography: Number Theory Professor Henry Carter Fall 2018 Recap Hash functions map arbitrary-length strings to fixedlength outputs Cryptographic hashes should be collision-resistant

More information

CRYPTOGRAPHY AND NUMBER THEORY

CRYPTOGRAPHY AND NUMBER THEORY CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We

More information

Basic elements of number theory

Basic elements of number theory Cryptography Basic elements of number theory Marius Zimand By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a k for some integer k. Notation

More information

Basic elements of number theory

Basic elements of number theory Cryptography Basic elements of number theory Marius Zimand 1 Divisibility, prime numbers By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a

More information

Asymmetric Encryption

Asymmetric Encryption -3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function

More information

Introduction to Cryptography. Lecture 6

Introduction to Cryptography. Lecture 6 Introduction to Cryptography Lecture 6 Benny Pinkas page 1 Public Key Encryption page 2 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem:

More information

Discrete Mathematics GCD, LCM, RSA Algorithm

Discrete Mathematics GCD, LCM, RSA Algorithm Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common

More information

Introduction to Cybersecurity Cryptography (Part 4)

Introduction to Cybersecurity Cryptography (Part 4) Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message

More information

RSA. Ramki Thurimella

RSA. Ramki Thurimella RSA Ramki Thurimella Public-Key Cryptography Symmetric cryptography: same key is used for encryption and decryption. Asymmetric cryptography: different keys used for encryption and decryption. Public-Key

More information

Number theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29

Number theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29 Number theory Myrto Arapinis School of Informatics University of Edinburgh October 9, 2014 1/29 Division Definition If a and b are integers with a 6= 0, then a divides b if there exists an integer c such

More information

Introduction to Cybersecurity Cryptography (Part 4)

Introduction to Cybersecurity Cryptography (Part 4) Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message

More information

Number Theory. Modular Arithmetic

Number Theory. Modular Arithmetic Number Theory The branch of mathematics that is important in IT security especially in cryptography. Deals only in integer numbers and the process can be done in a very fast manner. Modular Arithmetic

More information

Public Key Cryptography

Public Key Cryptography Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:

More information

CIS 551 / TCOM 401 Computer and Network Security

CIS 551 / TCOM 401 Computer and Network Security CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It

More information

Hans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009. References. References

Hans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009. References. References Hans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009 Die Unterlagen sind ausschliesslich zum persoenlichen Gebrauch der Vorlesungshoerer bestimmt. Die Herstellung von elektronischen

More information

Cryptography IV: Asymmetric Ciphers

Cryptography IV: Asymmetric Ciphers Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline

More information

dit-upm RSA Cybersecurity Cryptography

dit-upm RSA Cybersecurity Cryptography -upm Cybersecurity Cryptography José A. Mañas < http://www.dit.upm.es/~pepe/> Information Technology Department Universidad Politécnica de Madrid 4 october 2018 public key (asymmetric) public key secret

More information

Algorithmic Number Theory and Public-key Cryptography

Algorithmic Number Theory and Public-key Cryptography Algorithmic Number Theory and Public-key Cryptography Course 3 University of Luxembourg March 22, 2018 The RSA algorithm The RSA algorithm is the most widely-used public-key encryption algorithm Invented

More information

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 13 (rev. 2) Professor M. J. Fischer October 22, 2008 53 Chinese Remainder Theorem Lecture Notes 13 We

More information

Asymmetric Cryptography

Asymmetric Cryptography Asymmetric Cryptography Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman General idea: Use two different keys -K and +K for encryption and decryption Given a

More information

Chapter 4 Asymmetric Cryptography

Chapter 4 Asymmetric Cryptography Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman [NetSec/SysSec], WS 2008/2009 4.1 Asymmetric Cryptography General idea: Use two different keys -K and +K for

More information

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer. CHAPTER 2 INTRODUCTION TO NUMBER THEORY ANSWERS TO QUESTIONS 2.1 A nonzero b is a divisor of a if a = mb for some m, where a, b, and m are integers. That is, b is a divisor of a if there is no remainder

More information

Cryptography. P. Danziger. Transmit...Bob...

Cryptography. P. Danziger. Transmit...Bob... 10.4 Cryptography P. Danziger 1 Cipher Schemes A cryptographic scheme is an example of a code. The special requirement is that the encoded message be difficult to retrieve without some special piece of

More information

Elementary Number Theory Review. Franz Luef

Elementary Number Theory Review. Franz Luef Elementary Number Theory Review Principle of Induction Principle of Induction Suppose we have a sequence of mathematical statements P(1), P(2),... such that (a) P(1) is true. (b) If P(k) is true, then

More information

CS483 Design and Analysis of Algorithms

CS483 Design and Analysis of Algorithms CS483 Design and Analysis of Algorithms Lectures 2-3 Algorithms with Numbers Instructor: Fei Li lifei@cs.gmu.edu with subject: CS483 Office hours: STII, Room 443, Friday 4:00pm - 6:00pm or by appointments

More information

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks 1 Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks Michael Albert michael.albert@cs.otago.ac.nz 2 This week Arithmetic Knapsack cryptosystems Attacks on knapsacks Some

More information

ECEN 5022 Cryptography

ECEN 5022 Cryptography Elementary Algebra and Number Theory University of Colorado Spring 2008 Divisibility, Primes Definition. N denotes the set {1, 2, 3,...} of natural numbers and Z denotes the set of integers {..., 2, 1,

More information

basics of security/cryptography

basics of security/cryptography RSA Cryptography basics of security/cryptography Bob encrypts message M into ciphertext C=P(M) using a public key; Bob sends C to Alice Alice decrypts ciphertext back into M using a private key (secret)

More information

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The

More information

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each

More information

Encryption: The RSA Public Key Cipher

Encryption: The RSA Public Key Cipher Encryption: The RSA Public Key Cipher Michael Brockway March 5, 2018 Overview Transport-layer security employs an asymmetric public cryptosystem to allow two parties (usually a client application and a

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 14, 2013 CPSC 467b, Lecture 9 1/42 Integer Division (cont.) Relatively prime numbers, Z n, and φ(n) Computing in Z n

More information

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald) Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald) 1 Euclid s Algorithm Euclid s Algorithm for computing the greatest common divisor belongs to the oldest known computing procedures

More information

Homework 4 for Modular Arithmetic: The RSA Cipher

Homework 4 for Modular Arithmetic: The RSA Cipher Homework 4 for Modular Arithmetic: The RSA Cipher Gregory V. Bard April 25, 2018 This is a practice workbook for the RSA cipher. It is not suitable for learning the RSA cipher from scratch. However, there

More information

MATH 158 FINAL EXAM 20 DECEMBER 2016

MATH 158 FINAL EXAM 20 DECEMBER 2016 MATH 158 FINAL EXAM 20 DECEMBER 2016 Name : The exam is double-sided. Make sure to read both sides of each page. The time limit is three hours. No calculators are permitted. You are permitted one page

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security Outline Quadratic residues Useful tests Digital Signatures CPSC 467b: Cryptography and Computer Security Lecture 14 Michael J. Fischer Department of Computer Science Yale University March 1, 2010 Michael

More information

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How

More information

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes. INTEGERS PETER MAYR (MATH 2001, CU BOULDER) In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes. 1. Divisibility Definition. Let a, b

More information

Ma/CS 6a Class 3: The RSA Algorithm

Ma/CS 6a Class 3: The RSA Algorithm Ma/CS 6a Class 3: The RSA Algorithm By Adam Sheffer Reminder: Putnam Competition Signup ends Wednesday 10/08. Signup sheets available in all Sloan classrooms, Math office, or contact Kathy Carreon, kcarreon@caltech.edu.

More information

RSA-256bit 數位電路實驗 TA: 吳柏辰. Author: Trumen

RSA-256bit 數位電路實驗 TA: 吳柏辰. Author: Trumen RSA-256bit 數位電路實驗 TA: 吳柏辰 Author: Trumen Outline Introduction to Cryptography RSA Algorithm Montgomery Algorithm for RSA-256 bit 2 Introduction to Cryptography 3 Communication Is Insecure Alice Bob Paparazzi

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 13 March 3, 2013 CPSC 467b, Lecture 13 1/52 Elliptic Curves Basics Elliptic Curve Cryptography CPSC

More information

2 More on Congruences

2 More on Congruences 2 More on Congruences 2.1 Fermat s Theorem and Euler s Theorem definition 2.1 Let m be a positive integer. A set S = {x 0,x 1,,x m 1 x i Z} is called a complete residue system if x i x j (mod m) whenever

More information

ICS141: Discrete Mathematics for Computer Science I

ICS141: Discrete Mathematics for Computer Science I ICS141: Discrete Mathematics for Computer Science I Dept. Information & Computer Sci., Jan Stelovsky based on slides by Dr. Baek and Dr. Still Originals by Dr. M. P. Frank and Dr. J.L. Gross Provided by

More information

Public Key Encryption

Public Key Encryption Public Key Encryption 3/13/2012 Cryptography 1 Facts About Numbers Prime number p: p is an integer p 2 The only divisors of p are 1 and p s 2, 7, 19 are primes -3, 0, 1, 6 are not primes Prime decomposition

More information

CPSC 467: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security CPSC 467: Cryptography and Computer Security Michael J. Fischer 1 Lecture 13 October 16, 2017 (notes revised 10/23/17) 1 Derived from lecture notes by Ewa Syta. CPSC 467, Lecture 13 1/57 Elliptic Curves

More information

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0

More information

Public-Key Cryptosystems CHAPTER 4

Public-Key Cryptosystems CHAPTER 4 Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:

More information

Number theory (Chapter 4)

Number theory (Chapter 4) EECS 203 Spring 2016 Lecture 12 Page 1 of 8 Number theory (Chapter 4) Review Compute 6 11 mod 13 in an efficient way What is the prime factorization of 100? 138? What is gcd(100, 138)? What is lcm(100,138)?

More information

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 9.1 Chapter 9 Objectives

More information

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS 1 C Theme : Cryptography Instructor : Prof. C Pandu Rangan Speaker : Arun Moorthy 93115 CS 2 RSA Cryptosystem Outline of the Talk! Introduction to RSA! Working of the RSA system and associated terminology!

More information

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost? Ch - Algorithms with numbers Addition Basic arithmetic Addition ultiplication Division odular arithmetic factoring is hard Primality testing 53+35=88 Cost? (n number of bits) O(n) ultiplication al-khwārizmī

More information

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems Cryptography Introduction to Number Theory 1 Preview Integers Prime Numbers Modular Arithmetic Totient Function Euler's Theorem Fermat's Little Theorem Euclid's Algorithm 2 Introduction to Number Theory

More information

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points. Math 152, Problem Set 2 solutions (2018-01-24) All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points. 1. Let us look at the following equation: x 5 1

More information

Public Key Cryptography

Public Key Cryptography T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt

More information

MATH 145 Algebra, Solutions to Assignment 4

MATH 145 Algebra, Solutions to Assignment 4 MATH 145 Algebra, Solutions to Assignment 4 1: a) Find the inverse of 178 in Z 365. Solution: We find s and t so that 178s + 365t = 1, and then 178 1 = s. The Euclidean Algorithm gives 365 = 178 + 9 178

More information

W3203 Discrete Mathema1cs. Number Theory. Spring 2015 Instructor: Ilia Vovsha. hcp://www.cs.columbia.edu/~vovsha/w3203

W3203 Discrete Mathema1cs. Number Theory. Spring 2015 Instructor: Ilia Vovsha. hcp://www.cs.columbia.edu/~vovsha/w3203 W3203 Discrete Mathema1cs Number Theory Spring 2015 Instructor: Ilia Vovsha hcp://www.cs.columbia.edu/~vovsha/w3203 1 Outline Communica1on, encryp1on Number system Divisibility Prime numbers Greatest Common

More information

Elementary Number Theory MARUCO. Summer, 2018

Elementary Number Theory MARUCO. Summer, 2018 Elementary Number Theory MARUCO Summer, 2018 Problem Set #0 axiom, theorem, proof, Z, N. Axioms Make a list of axioms for the integers. Does your list adequately describe them? Can you make this list as

More information

Math 299 Supplement: Modular Arithmetic Nov 8, 2013

Math 299 Supplement: Modular Arithmetic Nov 8, 2013 Math 299 Supplement: Modular Arithmetic Nov 8, 2013 Numbers modulo n. We have previously seen examples of clock arithmetic, an algebraic system with only finitely many numbers. In this lecture, we make

More information

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm Review CS311H: Discrete Mathematics Number Theory Instructor: Işıl Dillig What does it mean for two ints a, b to be congruent mod m? What is the Division theorem? If a b and a c, does it mean b c? What

More information

CSc 466/566. Computer Security. 5 : Cryptography Basics

CSc 466/566. Computer Security. 5 : Cryptography Basics 1/84 CSc 466/566 Computer Security 5 : Cryptography Basics Version: 2012/03/03 10:44:26 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian Collberg Christian

More information

Cryptography: Joining the RSA Cryptosystem

Cryptography: Joining the RSA Cryptosystem Cryptography: Joining the RSA Cryptosystem Greg Plaxton Theory in Programming Practice, Fall 2005 Department of Computer Science University of Texas at Austin Joining the RSA Cryptosystem: Overview First,

More information

Eindhoven University of Technology MASTER. Kleptography cryptography with backdoors. Antheunisse, M. Award date: 2015

Eindhoven University of Technology MASTER. Kleptography cryptography with backdoors. Antheunisse, M. Award date: 2015 Eindhoven University of Technology MASTER Kleptography cryptography with backdoors Antheunisse, M. Award date: 2015 Disclaimer This document contains a student thesis (bachelor's or master's), as authored

More information

download instant at

download instant at 2 CRYPTOGRAPHY AND NUMBER THEORY 2.1 CRYPTOGRAPHY AND MODULAR ARITHMETIC Pages 54 to 56 Problem 1 Problem 2 Problem 3 Problem 4 14 mod 9 = 5; 1 mod 9 = 8; 11 mod 9 = 7. KHUH LV D PHVVDJH. EBOB FP X JBPPXDB.

More information

AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION

AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION Recall that RSA works as follows. A wants B to communicate with A, but without E understanding the transmitted message. To do so: A broadcasts RSA method,

More information

The RSA Cipher and its Algorithmic Foundations

The RSA Cipher and its Algorithmic Foundations Chapter 1 The RSA Cipher and its Algorithmic Foundations The most important that is, most applied and most analyzed asymmetric cipher is RSA, named after its inventors Ron Rivest, Adi Shamir, and Len Adleman.

More information

For your quiz in recitation this week, refer to these exercise generators:

For your quiz in recitation this week, refer to these exercise generators: Monday, Oct 29 Today we will talk about inverses in modular arithmetic, and the use of inverses to solve linear congruences. For your quiz in recitation this week, refer to these exercise generators: GCD

More information

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage Cryptosystem Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage f(m). The receiver computes f 1 (f(m)). Advantage: Cannot

More information

Discrete mathematics I - Number theory

Discrete mathematics I - Number theory Discrete mathematics I - Number theory Emil Vatai (based on hungarian slides by László Mérai) 1 January 31, 2018 1 Financed from the financial support ELTE won from the Higher Education

More information

MATH 501 Discrete Mathematics. Lecture 6: Number theory. German University Cairo, Department of Media Engineering and Technology.

MATH 501 Discrete Mathematics. Lecture 6: Number theory. German University Cairo, Department of Media Engineering and Technology. MATH 501 Discrete Mathematics Lecture 6: Number theory Prof. Dr. Slim Abdennadher, slim.abdennadher@guc.edu.eg German University Cairo, Department of Media Engineering and Technology 1 Number theory Number

More information