Public Key Algorithms
|
|
- Toby McDaniel
- 6 years ago
- Views:
Transcription
1 1 Public Key Algorithms ffl hash: irreversible transformation(message) ffl secret key: reversible transformation(block) encryption digital signatures authentication RSA yes yes yes El Gamal no yes no Zero-knowledge proofs no no yes Diffie-Hellman: exchange of secrets all: pair (public, private) for each principal Slide 1 Modular Addition ffl addition modulo (mod) K (poor) cipher with key K ffl additive inverse: x: add until modulo (or 0) ffl decrypt by adding inverse Slide 2
2 2 Modular Multiplication ffl multiplication by 1, 3, 7, 9 works as cipher ffl multiplicative inverse x 1 : y x =1 ffl only 1, 3, 7, 9 have multiplicative inverses (e.g., 7 $ 3) ffl use Euclid s Algorithm to find inverse Slide 3 Totient Function ffl x; m relatively prime = no other common factor than 1 ffl relatively prime 6= prime (9 rel. prime 10) ffl e.g., 6 not relatively prime to 10: 2 divides both 6 and 10 ffl totient function ffi(n): number of numbers less than n relatively prime to n if n prime, f1; 2;:::;n 1g are rp ffi(n) =n 1 if n = p q, p; q distinct prime ffi(n) =(p 1)(q 1): Λ n = pq numbers in f0; 1; 2;:::;n 1g; exclude non-rp Λ exclude multiples of p or q Λ p multiples of q<pq(0,1,...), q multiples of p<pq Λ thus, exclude p + q 1 numbers don t count 0 twice Λ ffi(pq) =pq (p + q 1) = (p 1)(q 1) Slide 4
3 3 Modular Exponentiation x y mod n 6= x y+n mod n! x y Slide 5 Modular Exponentiation ffl encryption: x 3 works, x 2 does not ffl exponentiative inverse y of x: (a x ) y = a ffl columns: 1=5; 2=6; 3=7;::: ffl x y mod n = x y mod ffi(n) mod n ffl rp(10) = f1; 3; 7; 9g ffi(n) =4 ffl true for almost all n: anyn =product of distinct primes (square-free) ffl for any y with y =1 (mod ffi(n)) x y mod n = x mod n (e.g., 1, 5 and 9) Slide 6
4 4 RSA ffl Rivest, Shamir, Adleman ffl variable key length (common: 512 bits) ffl ciphertext length = key length ffl slow mostly used to encrypt secret for secret key cryptography Slide 7 RSA Algorithm Generate private and public key: ffl choose two large primes, p and q, about 256 bits (77 digits) each ffl n = p q (512 bits), don t reveal p and q ffl factoring 512 bit number is hard public key: e rp ffi(n) =(p 1)(q 1) he; ni private key: d =(e mod ffi(n)) 1 hd; ni encryption: of m<n: c = m e mod n decryption: m = c d mod n verification: m = s e mod n (signature s) Slide 8
5 5 RSA example p = 47 q = 71 n = pq = 3337 e = 79 prime, i.e., rp to (p 1)(q 1) d = 79 1 mod 3220 = 1019 m = m 1 = 688 c 1 = mod 3337 = 1570 p 1 = mod 3337 = 688 Slide 9 Why does RSA work? ffl n = pq, ffi(n) =(p 1)(q 1) ffl de =1 (mod ffi(n)) since e rp ffi(n) and d = e 1 ffl x de = x (mod n)8x ffl encryption: x e ffl decryption: (x e ) d = x ed = x ffl signature: reverse Slide 10
6 6 Why is RSA secure? ffl factor 512-bit number: half million MIPS years (= all US computers for one year) ffl given public key he; ni ffl need to find exponentiative inverse of e ffl need to know p, q to compute ffi(n) ffl abuse: if limited set of messages, can compare append random number ffl 2/2/1999: RSA-140 was factored. Slide 11 RSA Efficiency: Exponentiating ffl mod 678 = ( )=678 ffl modular reduction after each multiply: ffl (a b c) modm = (((a b) modm) c) modm = = = 213 (mod 678) = = = 435 (mod 678) = = = 435 (mod 678) ffl 54 small multiplies, 54 divides ffl exponent power of 2: = = = 213 (mod 678) = = = 671 (mod 678) = = = 213 (mod 678) Slide 12
7 7 ffl 123 2x+1 = 123 2x 123 Slide 13 RSA Efficiency: Exponentiating 54 = ; start with exponent ψ = = = 213 (mod 678) = = = 435 (mod 678) 110 ψ = = = 63 (mod 678) 1100 ψ = = 3969 = 579 (mod 678) = = = 27 (mod 678) ψ = = 729 = 51 (mod 678) = = 6273 = 171 (mod 678) ψ = = = 87 (mod 678) or x 54 = (((((x) 2 x) 2 ) 2 x) 2 x) 2 =87 (mod 678) 8 multiplies, 8 divides linearly with exponent bits Slide 14
8 8 RSA Implementation public key: O(k 2 ), private key: O(k 3 ), key generation: O(k 4 ) ffl fastest RSA hardware: 300 kb/s DES Pijnenburg PCC101 CFB 90 Mb/s Vasco CRY12C102 CFB 22 Mb/s RSA Pijnenburg PCC kb/s kb/s Vasco PQR kb/s ffl 90 MHz Pentium: throughput (private key) of 21.6 kb/s, 7.4 kb/s per second with a 1024-bit modulus ffl DES software: 100 times faster than RSA ffl DES hardware: 1,000 to 10,000 times faster Slide 15 Finding Big Primes p and q ffl infinite number of primes, probability 1= ln n ffl ten-digit number: 1 in 23, hundred-digit: 1 in 230 ffl pick at random and check if prime ffl bad: divide by all p n ffl Euler s Theorem: a rp n a ffi(n) =1 (mod n) ffl if n prime, ffi(n) =n 1 Theorem 1 (Fermat s Little Theorem) If p is prime and 0 <a<p, a p 1 =1 (mod p) ffl if p not prime, does not usually hold ffl pick some a<n, compute a n 1 mod n?! 1 ffl probability of accepting bad n: repeat Slide 16
9 9 Carmichael Numbers ffl Carmichael numbers n: not prime, but a n 1 =1 factor in n) (mod n)8a (where a not a ffl infinitely many ffl first few: 561, 1105, 1729, 2465, 2821, 6601, 8911 ffl 246,683 below ffl example: mod 561 = 1, but3 560 mod 561 = 375 Slide 17 Finding Big Primes p and q: Miller and Rabin Variation on Fermat test: ffl express n 1 as 2 b c,whereb 0 ffl compute a n 1 (mod n) (Fermat) as (a c ) 2b (mod n) ffl square b times ffl if not 1 not prime; if 1, test: if a c (mod n) 6= 1 squaring not-1! 1 square root of 1 rule: if n is prime (mod n), p 1 are 1 and 1(= n 1) if p 1 6= ±1, n not prime try many values for a; 75% of a fail the test if n not prime Slide 18
10 10 Big Primes: Implementation 1. pick odd random number n 2. check n=f3; 5; 7; 11;:::g and try again 3. repeat until failure or confidence: (a) pick random a and compute a c (mod n), with n 1=2 b c (b) compute a c,thenb times: (a c ) 2 (c) if result = 1: operand = ±1? no prime if not Slide 19 Finding d and e ffl e = any number rp to (p 1)(q 1) ffl ed =1 (mod ffi(n)) Euclid s algorithm Options for picking e: 1. pick randomly until e is rp to (p 1)(q 1) 2. choose e and pick p; q so that (p 1); (q 1) are rp to e Slide 20
11 11 Having a Small Constant e ffl e same small number ffl d can t be small (searchable) ffl e =3or e = ffl can t use 2: not rp to (p 1)(q 1) ffl message must be bigger than 3p n ffl send copies of message to three people: e i = h3;n i i Trudy: m 3 mod n 1 n 2 n 3 = m 3 (Chinese remainder) choose random/individualized padding Slide 21 RSA: e =3 ffl 3rptoffi(n) =(p 1)(q 1) since d = e 1 ffl each p 1, q 1 must be rp to 3 ffl 3 is factor of x x mod3=0 ffl (p 1) rp 3 p =2 (mod 3) (p 1) = 1 (mod 3) ffl (q 1) rp 3 q =2 (mod 3) (q 1) = 1 (mod 3) ffl choose p = r 3+2, r random, odd Slide 22
12 12 RSA: e = ffl = , (Mersenne prime: 2 n 1!) ffl only 17 multiplies to exponentiate: x 216 x ffl random 512-bit number: 768 multiplies ffl avoid 3 problems: 1. few m with m <n(512 bits) 2. have to send to 65,537 recipients 3. n rp ffi(n) reject p; q =1 (mod 65537) Slide 23 RSA Threats: Smooth Numbers ffl product of small primes ffl signed m 1 ;m 2 can compute signatures on m 1 m 2 ;m 1 =m 2 ;m j 1 ;mj 2 ;mj 1 mk 2 ffl example: m 2 1 :(md 1 mod n)2 mod n ffl if m 1 =m 2 is prime, can fake signature on that prime ffl any product of this collection ffl pad with zero on left small number smooth " ffl pad on right with x bits n 2 x ffl pad on right with random data cube root problem Slide 24
13 13 RSA Threats: Cube Root Problem ffl Carol wants your signature for message with digest h ffl message digest h; h 0 = pad with zeros on right ffl signature r = d 3p h 0 e r e = r 3 = h 0 Slide 25 Public Key Cryptography Standards (PKCS) ffl operational standards ffl deal with threats (smooth numbers, multiple recipients,...) ffl encryption with PKCS#1 random padding prevents guessing from known messages random padding prevents e =3, multiple-recipient attack cube root decryption longer than 21 bytes (> 11 + data) ffl signing with PKCS#2 large padding not smooth include digest algorithm prevent spoofing Slide 26
14 14 PKCS #1 RFC 2313 Also X.509: RSAPublicKey ::= SEQUENCE { modulus INTEGER, -- n publicexponent INTEGER } -- e Encryption block = 00jBTjPSj00jD with padding PS of k 3 jdj octets. 0 private-key 00 1 private-key FF (large!) 2 public-key pseudo-random Slide 27 PKCS #1 Signature DigestInfo ::= SEQUENCE { digestalgorithm DigestAlgorithmIdentifier, digest Digest } DigestAlgorithmIdentifier ::= AlgorithmIdentifier AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL } md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) US(840) rsadsi(113549) digestalgorithm(2) 5 } Digest ::= OCTET STRING Slide 28
15 15 Diffie-Hellman Key Exchange ffl shared key, public communication ffl no authentication of partners ffl p prime, ß 512 bits, public ffl g<p, public ffl Alice, Bob choose random, secret S A, S B ffl transmit T A = g SA mod p, T B = g SB mod p ffl Alice computes T S A B (mod p) =(g SB ) S A (mod p) ffl both get same number = key ffl would need to compute discrete logs to get S A from g S A ffl not secure against bucket-brigade attacks Slide 29 ffl public numbers instead of invention Slide 30
16 16 Bucket Brigade Attack ffl man-in-the-middle ffl X establishes security association with Alice, Bob ffl can read/write from/to both ffl relays messages, passwords between them ffl prevention: make g SA mod p public can t be replaced Slide 31 Diffie-Hellman: Offline ffl Bob publishes hp B ;g B ;T B i ffl Alice computes K AB = T S A B mod p B ffl Alice sends g S A B mod p B to Bob Slide 32
17 17 El Gamal Signatures ffl D-H: public: hg; p; T i; private:s; g s mod p = T ffl new public/private key for each message ffl compute T m = g Sm mod p for random S m for each msg. m ffl digest d m = mjt m ffl signature = X = S m + d m S (mod p 1) ffl transmit m; X; T m ffl verification: g X =?T m T d m mod p g X = g S m+d m S = g S m g Sdm = T m T dm (mod p) Slide 33 El Gamal Properties Exercises: ffl message modification signature won t match ffl signature does not divulge S ffl don t know S can t sign Slide 34
18 18 Digital Signature Standard (DSS) ffl related to El Gamal, but some computations modq, q = 160 bits < jpj = 512 bits ffl speeded up for signer rather than verifier: chip cards Slide 35 DSS Algorithm 1. generate public p (512 bit prime) and q (160 bit prime) p = kq generate public g g q =1 (mod p) 3. choose long-term ht;si with random S T = g S mod p for S<q 4. choose ht m ;S m i with random S m ffl T m =((g Sm mod p) modq ffl calculate S 1 m mod q 5. calculate d m = SHS(message) Slide 36
19 19 6. signature X = S 1 m (d m + ST m )modq 7. transmit m; T m ;X 8. verify based on d m : z =? T m x = d m X 1 mod q y = T m X 1 mod q z = (g X T y mod p) modq Slide 37 DSS Algebra v = (d m + ST m ) 1 mod q X 1 = (S 1 m (d m + ST m )) 1 = S m (d m + ST m ) 1 = S m v mod q x = d m X 1 = d m S m v mod q y = T m X 1 = T m S m v mod q z = g x T y = g d ms m v g ST m S m v = g (d m+st m )S m v = g S m = T m mod p mod q any multiple of q in exponent drops out Slide 38
20 20 RSA vs. DSS ffl fixed moduli fflhp; q; gi pick one juicy target ffl trapdoor primes ffl slower than RSA(e =3), but signatures can be done ahead of time ffl needs per-message random secret ffl patent (Schnorr) Slide 39 Zero-Knowledge Proofs ffl prove knowledge without revealing it ffl RSA signatures ffl graph isomorphism: rename vertices ffl Alice: graph A and B ο A ffl public key: graphs A; B ffl private key: mapping between vertices ffl Alice: create G i and sends to Bob ffl Bob! Alice: how did A or B! G i? ffl zero-knowledge: Bob knows some G i s ffl Fred can create G i from either A or B, but not both Slide 40
21 21 Zero-Knowledge Proofs: Fiat-Shamir ffl Alice: public key hn; vi, n = pq ffl v: Alice knows secret s = p v (mod n) 1. Alice chooses k random numbers r 1 ;:::;r k 2. Alice sends r 2 i mod n 3. Bob chooses a random subset 1 of ri 2 subset 1 subset 2 Alice sends sr i mod n r i mod n Bob checks (sr i ) 2 (r i ) 2 =? vr 2 i (r i ) 2 Fred 4. finding square roots is hard (r i ) 2 (easy) Slide Fred gets some hri 2 ;sr ii 6. can use these for subset 1, pick own for subset 2 7. Carol picks which she wants much faster than RSA: 45 multiplies for Alice, Bob Slide 42
Public Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationPublic Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.
Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationOverview. Public Key Algorithms II
Public Key Algorithms II Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State
More informationLecture V : Public Key Cryptography
Lecture V : Public Key Cryptography Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Amir Rezapoor Computer Science Department, National Chiao Tung University 2 Outline Functional
More informationTheme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS
1 C Theme : Cryptography Instructor : Prof. C Pandu Rangan Speaker : Arun Moorthy 93115 CS 2 RSA Cryptosystem Outline of the Talk! Introduction to RSA! Working of the RSA system and associated terminology!
More informationOverview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017
CSC 580 Cryptography and Computer Security Math for Public Key Crypto, RSA, and Diffie-Hellman (Sections 2.4-2.6, 2.8, 9.2, 10.1-10.2) March 21, 2017 Overview Today: Math needed for basic public-key crypto
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationRSA. Ramki Thurimella
RSA Ramki Thurimella Public-Key Cryptography Symmetric cryptography: same key is used for encryption and decryption. Asymmetric cryptography: different keys used for encryption and decryption. Public-Key
More informationSlides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013
RSA Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013 Recap Recap Number theory o What is a prime number? o What is prime factorization? o What is a GCD? o What does relatively prime
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationCryptography IV: Asymmetric Ciphers
Cryptography IV: Asymmetric Ciphers Computer Security Lecture 7 David Aspinall School of Informatics University of Edinburgh 31st January 2011 Outline Background RSA Diffie-Hellman ElGamal Summary Outline
More information1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2
Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number
More informationAlgorithmic Number Theory and Public-key Cryptography
Algorithmic Number Theory and Public-key Cryptography Course 3 University of Luxembourg March 22, 2018 The RSA algorithm The RSA algorithm is the most widely-used public-key encryption algorithm Invented
More informationIntroduction to Public-Key Cryptosystems:
Introduction to Public-Key Cryptosystems: Technical Underpinnings: RSA and Primality Testing Modes of Encryption for RSA Digital Signatures for RSA 1 RSA Block Encryption / Decryption and Signing Each
More informationCryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg
Course 1: Remainder: RSA Université du Luxembourg September 21, 2010 Public-key encryption Public-key encryption: two keys. One key is made public and used to encrypt. The other key is kept private and
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More informationduring transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL
THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More information10 Public Key Cryptography : RSA
10 Public Key Cryptography : RSA 10.1 Introduction The idea behind a public-key system is that it might be possible to find a cryptosystem where it is computationally infeasible to determine d K even if
More informationLECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS
LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS Modular arithmetics that we have discussed in the previous lectures is very useful in Cryptography and Computer Science. Here we discuss several
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationCosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks
1 Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks Michael Albert michael.albert@cs.otago.ac.nz 2 This week Arithmetic Knapsack cryptosystems Attacks on knapsacks Some
More informationThe RSA cryptosystem and primality tests
Mathematics, KTH Bengt Ek November 2015 Supplementary material for SF2736, Discrete mathematics: The RSA cryptosystem and primality tests Secret codes (i.e. codes used to make messages unreadable to outsiders
More informationTi Secured communications
Ti5318800 Secured communications Pekka Jäppinen September 20, 2007 Pekka Jäppinen, Lappeenranta University of Technology: September 20, 2007 Relies on use of two keys: Public and private Sometimes called
More informationMathematics of Cryptography
UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA: Review and Properties Factoring Algorithms Trapdoor One Way Functions PKC Based on Discrete Logs (Elgamal) Signature Schemes Lecture 8 Tel-Aviv University
More informationTHE CUBIC PUBLIC-KEY TRANSFORMATION*
CIRCUITS SYSTEMS SIGNAL PROCESSING c Birkhäuser Boston (2007) VOL. 26, NO. 3, 2007, PP. 353 359 DOI: 10.1007/s00034-006-0309-x THE CUBIC PUBLIC-KEY TRANSFORMATION* Subhash Kak 1 Abstract. This note proposes
More informationFundamentals of Modern Cryptography
Fundamentals of Modern Cryptography BRUCE MOMJIAN This presentation explains the fundamentals of modern cryptographic methods. Creative Commons Attribution License http://momjian.us/presentations Last
More informationPublic Key Cryptography
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt
More informationNetwork Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30
Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) LIU Zhen Due Date: March 30 Questions: 1. RSA (20 Points) Assume that we use RSA with the prime numbers p = 17 and q = 23. (a) Calculate
More informationLecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya
BBM 205 Discrete Mathematics Hacettepe University http://web.cs.hacettepe.edu.tr/ bbm205 Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya Resources: Kenneth Rosen,
More information10 Modular Arithmetic and Cryptography
10 Modular Arithmetic and Cryptography 10.1 Encryption and Decryption Encryption is used to send messages secretly. The sender has a message or plaintext. Encryption by the sender takes the plaintext and
More informationMathematical Foundations of Public-Key Cryptography
Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical
More informationRSA RSA public key cryptosystem
RSA 1 RSA As we have seen, the security of most cipher systems rests on the users keeping secret a special key, for anyone possessing the key can encrypt and/or decrypt the messages sent between them.
More informationCPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems
CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols nichols@math.umass.edu University of Massachusetts Oct. 14, 2015 Cryptography basics Cryptography is the study of secure communications. Here are
More informationCryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1
Cryptography CS 555 Topic 18: RSA Implementation and Security Topic 18 1 Outline and Readings Outline RSA implementation issues Factoring large numbers Knowing (e,d) enables factoring Prime testing Readings:
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More informationRSA: Genesis, Security, Implementation & Key Generation
ECE 646 Lecture 8 RSA: Genesis, Security, Implementation & Key Generation Public Key (Asymmetric) Cryptosystems Public key of Bob - K B Private key of Bob - k B Network Alice Encryption Decryption Bob
More informationECE 646 Lecture 8. RSA: Genesis, Security, Implementation & Key Generation
ECE 646 Lecture 8 RSA: Genesis, Security, Implementation & Key Generation Public Key (Asymmetric) Cryptosystems Public key of Bob - K B Private key of Bob - k B Network Alice Encryption Decryption Bob
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University March 26 2017 Outline RSA encryption in practice Transform RSA trapdoor
More informationENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange
ENEE 457: Computer Systems Security 10/3/16 Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland,
More information1 Number Theory Basics
ECS 289M (Franklin), Winter 2010, Crypto Review 1 Number Theory Basics This section has some basic facts about number theory, mostly taken (or adapted) from Dan Boneh s number theory fact sheets for his
More informationSecurity Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography
Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationPublic Key Cryptography
Public Key Cryptography Introduction Public Key Cryptography Unlike symmetric key, there is no need for Alice and Bob to share a common secret Alice can convey her public key to Bob in a public communication:
More informationIntroduction to Elliptic Curve Cryptography. Anupam Datta
Introduction to Elliptic Curve Cryptography Anupam Datta 18-733 Elliptic Curve Cryptography Public Key Cryptosystem Duality between Elliptic Curve Cryptography and Discrete Log Based Cryptography Groups
More informationChapter 4 Asymmetric Cryptography
Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman [NetSec/SysSec], WS 2008/2009 4.1 Asymmetric Cryptography General idea: Use two different keys -K and +K for
More informationAsymmetric Cryptography
Asymmetric Cryptography Chapter 4 Asymmetric Cryptography Introduction Encryption: RSA Key Exchange: Diffie-Hellman General idea: Use two different keys -K and +K for encryption and decryption Given a
More informationASYMMETRIC ENCRYPTION
ASYMMETRIC ENCRYPTION 1 / 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters involved. 2 / 1 Recall
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationPublic Key Cryptography
Public Key Cryptography Ali El Kaafarani 1 Mathematical Institute 2 PQShield Ltd. 1 of 44 Outline 1 Public Key Encryption: security notions 2 RSA Encryption Scheme 2 of 44 Course main reference 3 of 44
More informationNumber theory (Chapter 4)
EECS 203 Spring 2016 Lecture 12 Page 1 of 8 Number theory (Chapter 4) Review Compute 6 11 mod 13 in an efficient way What is the prime factorization of 100? 138? What is gcd(100, 138)? What is lcm(100,138)?
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Fun with Public-Key Tonight we ll Introduce some basic tools of public-key crypto Combine the tools to create more powerful tools Lay the ground work for substantial
More informationPublic-Key Encryption: ElGamal, RSA, Rabin
Public-Key Encryption: ElGamal, RSA, Rabin Introduction to Modern Cryptography Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 Public-Key Encryption Syntax Encryption algorithm: E. Decryption
More informationPseudo-random Number Generation. Qiuliang Tang
Pseudo-random Number Generation Qiuliang Tang Random Numbers in Cryptography The keystream in the one-time pad The secret key in the DES encryption The prime numbers p, q in the RSA encryption The private
More informationEncryption: The RSA Public Key Cipher
Encryption: The RSA Public Key Cipher Michael Brockway March 5, 2018 Overview Transport-layer security employs an asymmetric public cryptosystem to allow two parties (usually a client application and a
More informationDiscrete Logarithm Problem
Discrete Logarithm Problem Finite Fields The finite field GF(q) exists iff q = p e for some prime p. Example: GF(9) GF(9) = {a + bi a, b Z 3, i 2 = i + 1} = {0, 1, 2, i, 1+i, 2+i, 2i, 1+2i, 2+2i} Addition:
More informationIntroduction to Cryptography. Lecture 8
Introduction to Cryptography Lecture 8 Benny Pinkas page 1 1 Groups we will use Multiplication modulo a prime number p (G, ) = ({1,2,,p-1}, ) E.g., Z 7* = ( {1,2,3,4,5,6}, ) Z p * Z N * Multiplication
More informationL7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015
L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm
More informationHenning Schulzrinne Columbia University, New York Columbia University, Fall 2000
1 Network Security: Hashes Henning Schulzrinne Columbia University, New York schulzrinne@cs.columbia.edu Columbia University, Fall 2000 cfl1999-2000, Henning Schulzrinne Last modified October 5, 2000 Slide
More informationPrivate Key Cryptography. Fermat s Little Theorem. One Time Pads. Public Key Cryptography
Fermat s Little Theorem Private Key Cryptography Theorem 11 (Fermat s Little Theorem): (a) If p prime and gcd(p, a) = 1, then a p 1 1 (mod p). (b) For all a Z, a p a (mod p). Proof. Let A = {1, 2,...,
More informationbasics of security/cryptography
RSA Cryptography basics of security/cryptography Bob encrypts message M into ciphertext C=P(M) using a public key; Bob sends C to Alice Alice decrypts ciphertext back into M using a private key (secret)
More informationdit-upm RSA Cybersecurity Cryptography
-upm Cybersecurity Cryptography José A. Mañas < http://www.dit.upm.es/~pepe/> Information Technology Department Universidad Politécnica de Madrid 4 october 2018 public key (asymmetric) public key secret
More informationNumber Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers
Number Theory: Applications Number Theory Applications Computer Science & Engineering 235: Discrete Mathematics Christopher M. Bourke cbourke@cse.unl.edu Results from Number Theory have many applications
More informationIntro to Public Key Cryptography Diffie & Hellman Key Exchange
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary - Math Part
More informationCryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups
Great Theoretical Ideas in CS V. Adamchik CS 15-251 Upcoming Interview? Lecture 24 Carnegie Mellon University Cryptography and RSA How the World's Smartest Company Selects the Most Creative Thinkers Groups
More informationPublic Key Cryptography
Public Key Cryptography Ali El Kaafarani Mathematical Institute Oxford University 1 of 74 Outline 1 Complexity measures 2 Algebra and Number Theory Background 3 Public Key Encryption: security notions
More informationAddition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?
Ch - Algorithms with numbers Addition Basic arithmetic Addition ultiplication Division odular arithmetic factoring is hard Primality testing 53+35=88 Cost? (n number of bits) O(n) ultiplication al-khwārizmī
More information8.1 Principles of Public-Key Cryptosystems
Public-key cryptography is a radical departure from all that has gone before. Right up to modern times all cryptographic systems have been based on the elementary tools of substitution and permutation.
More information10 Concrete candidates for public key crypto
10 Concrete candidates for public key crypto In the previous lecture we talked about public key cryptography and saw the Diffie Hellman system and the DSA signature scheme. In this lecture, we will see
More informationOutline. Available public-key technologies. Diffie-Hellman protocol Digital Signature. Elliptic curves and the discrete logarithm problem
Outline Public-key cryptography A collection of hard problems Mathematical Background Trapdoor Knapsack Integer factorization Problem Discrete logarithm problem revisited Case of Study: The Sun NFS Cryptosystem
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #9 Sep 22 nd 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Midterm #1, next class (Tues, Sept 27 th ) All lecture materials and readings
More informationIntroduction to Modern Cryptography. Lecture RSA Public Key CryptoSystem 2. One way Trapdoor Functions
Introduction to Modern Cryptography Lecture 7 1. RSA Public Key CryptoSystem 2. One way Trapdoor Functions Diffie and Hellman (76) New Directions in Cryptography Split the Bob s secret key K to two parts:
More informationThéorie de l'information et codage. Master de cryptographie Cours 10 : RSA. 20,23 et 27 mars Université Rennes 1
Théorie de l'information et codage Master de cryptographie Cours 10 : RSA 20,23 et 27 mars 2009 Université Rennes 1 Master Crypto (2008-2009) Théorie de l'information et codage 20,23 et 27 mars 2009 1
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 33 The Diffie-Hellman Problem
More informationNumber Theory & Modern Cryptography
Number Theory & Modern Cryptography Week 12 Stallings: Ch 4, 8, 9, 10 CNT-4403: 2.April.2015 1 Introduction Increasing importance in cryptography Public Key Crypto and Signatures Concern operations on
More informationDiscrete mathematics I - Number theory
Discrete mathematics I - Number theory Emil Vatai (based on hungarian slides by László Mérai) 1 January 31, 2018 1 Financed from the financial support ELTE won from the Higher Education
More informationPowers in Modular Arithmetic, and RSA Public Key Cryptography
1 Powers in Modular Arithmetic, and RSA Public Key Cryptography Lecture notes for Access 2006, by Nick Korevaar. It was a long time from Mary Queen of Scotts and substitution ciphers until the end of the
More informationCarmen s Core Concepts (Math 135)
Carmen s Core Concepts (Math 135) Carmen Bruni University of Waterloo Week 8 1 The following are equivalent (TFAE) 2 Inverses 3 More on Multiplicative Inverses 4 Linear Congruence Theorem 2 [LCT2] 5 Fermat
More informationChapter 4 Public Key Cryptology - Part I
Chapter 4 Public Key Cryptology - Part I February 15, 2010 4 The concept of public key cryptology (PKC) emerged in the early 1970 s in the British Government s communications center CESG, Cheltenham. (See
More informationRSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14
RSA Algorithm http://koclab.org Çetin Kaya Koç Spring 2018 1 / 14 Well-Known One-Way Functions Discrete Logarithm: Given p, g, and x, computing y in y = g x (mod p) is EASY Given p, g, y, computing x in
More informationCPSC 467b: Cryptography and Computer Security
Outline Quadratic residues Useful tests Digital Signatures CPSC 467b: Cryptography and Computer Security Lecture 14 Michael J. Fischer Department of Computer Science Yale University March 1, 2010 Michael
More informationCSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography
CSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography 1 Two Problems Problem 1. Generate Primes Find a prime number p of between 200 and 1000 decimal digits that has never been
More informationNetwork Security: Hashes
1 Network Security: Hashes Henning Schulzrinne Columbia University, New York schulzrinne@cs.columbia.edu Columbia University, Fall 2000 cfl1999-2000, Henning Schulzrinne Last modified October 5, 2000 2
More informationIntroduction to Cryptography. Lecture 6
Introduction to Cryptography Lecture 6 Benny Pinkas page 1 Public Key Encryption page 2 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem:
More informationOne can use elliptic curves to factor integers, although probably not RSA moduli.
Elliptic Curves Elliptic curves are groups created by defining a binary operation (addition) on the points of the graph of certain polynomial equations in two variables. These groups have several properties
More informationInformation Security
SE 4472 / ECE 9064 Information Security Week 12: Random Number Generators and Picking Appropriate Key Lengths Fall 2015 Prof. Aleksander Essex Random Number Generation Where do keys come from? So far we
More informationDiscrete Mathematics GCD, LCM, RSA Algorithm
Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common
More informationAttacks on RSA & Using Asymmetric Crypto
Attacks on RSA & Using Asymmetric Crypto Luke Anderson luke@lukeanderson.com.au 7 th April 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Breaking RSA 2.1 Chinese Remainder Theorem 2.2 Common
More informationCryptography. P. Danziger. Transmit...Bob...
10.4 Cryptography P. Danziger 1 Cipher Schemes A cryptographic scheme is an example of a code. The special requirement is that the encoded message be difficult to retrieve without some special piece of
More informationQuestion: Total Points: Score:
University of California, Irvine COMPSCI 134: Elements of Cryptography and Computer and Network Security Midterm Exam (Fall 2016) Duration: 90 minutes November 2, 2016, 7pm-8:30pm Name (First, Last): Please
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationLecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography
Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies
More information