A Knapsack Cryptosystem Secure Against Attacks Using Basis Reduction and Integer Programming
|
|
- Edith Sanders
- 5 years ago
- Views:
Transcription
1 A Knapsack Cryptosystem Secure Against Attacks Using Basis Reduction and Integer Programming Bala Krishnamoorthy William Webb Nathan Moyer Washington State University ISMP 2006 August 2, 2006
2 Public Key Cryptosystems Diffie and Hellman (1976) Bob wants to receive a message from Alice a 0 1 n-vector Bob keeps a public key Alice encrypts message and transmits Bob decrypts message using his private key hard to decrypt without private key Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 1
3 Public Key Cryptosystems Eve (eavesdropper) has to solve a hard problem to intercept one-way functions given x, easy to find y = f(x) hard to find x = f 1 (y), given y RSA (Rivest-Shamir-Adleman) given N, need to find two large primes p,q s.t. N = pq Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 2
4 Knapsack Cryptosystems Merkle-Hellman scheme (1978) Bob creates a superincreasing knapsack S = {s 1,...,s n } s i > i 1 j=1 s j for i = 2,...,n chooses p,q with gcd(p,q) = 1 private key (S,p,q) can find p 1 mod q Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 3
5 Knapsack Cryptosystems: Encryption computes a i ps i mod q public key A = {a 1,...,a n } to send message x = (x 1,...,x n ), x i = 0 or 1, Alice computes M = n transmits M to Bob i=1 a i x i (encryption) Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 4
6 Knapsack Cryptosystems: Decryption Bob solves n a i x i M mod q i=1 n p 1 a i x i p 1 M mod q i=1 n s i x i M mod q i=1 easy to solve (as S is superincreasing) while M > 0 do find largest s i S s.t. s i M ; set x i = 1; set M M s i ; end while Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 5
7 An Example n = 5; S = {1,3,7,13,26}; p = 467, q = 523; p 1 mod q 28; A = {467,355,131,318, 113} = a for message x = (0,1,1,0,1), Alice transmits M = ax = 599 Bob calculates M p 1 M mod q = = 10 x 5 = = 3 x 3 = = 0 x 2 = 1 Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 6
8 Knapsack Cryptosystems: Security to intercept, Eve has to solve n i=1 a i x i = M x i {0,1}, i = 1,...,n 0 1 knapsack problem is NP-complete difficulty to solve knapsack implies security Merkle offered a $100 prize for breaking the code!! Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 7
9 Attacks using Diophantine Approximation Shamir (1982) used the superincreasing property of S find p,q such that {p A mod q } is superincreasing with A = {467,355,131,318,113}, p q must lie in one of 466 intervals [ k 467, k ] for 4 k = 1,...,466 p q must lie in one of 354 intervals [ k 355, k ] for 3 k = 1,...,354 intersect intervals, try many choices.. for p = 53, q = 990, p A mod q = {1,5,13,24,49} and p M mod q = 67 solves the problem! Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 8
10 Attacks using Diophantine Approximation Adleman (1983) and Brickell, Lagarias, Odlyzko (1983) find integers k 1,...,k l such that k i a i approximates p q need only a few k i s solve an IP to find k i s (Lenstra s algorithm) IP created using superincreasing property of S Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 9
11 Attacks using Basis Reduction Lagarias and Odlyzko (LO) (1985) to solve ax = M, consider the lattice L(B) generated by B = [ ] I 0, N large Na NM ˆx = [ ] x 0 is a shortest vector in L(B) apply LLL basis reduction to B check for solution in the reduced basis Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 10
12 density = Attacks using Basis Reduction n max log 2 a i i=1,...,n [ ] x Prob( x = Z n+1 ax = My, x x ) 0 as y n if density < LO method solves almost all knapsack problems of density < in poly time if there is a poly time oracle for solving the shortest vector problem claim: LLL acts like such an oracle in practice?? Coster et al. (1991): density < Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 11
13 Attacks using Basis Reduction LaMacchia (1993) empirical testing used Seysen-Lovász reduction instances had density < 1 (needed for unique decoding?) n/2 of the x i s are set to 1 for n = 106, with density = 0.393, (a i s had 80 digits), on an average solved 50% instances in seconds Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 12
14 Attacks using Integer Programming try to solve the IP directly: n i=1 a i x i = M x i {0,1}, i = 1,...,n solvers cannot handle the huge numbers involved try exact solvers? (Espinoza et al.) apply Column Basis Reduction obtain reformulation with smaller numbers using BR run CPLEX on reformulation Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 13
15 Reasons for Insecurity structure superincreasing sequence low density existence of lattices in which the correct solution is a shortest vector success of BR in finding the shortest vectors in such lattices (in practice) Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 14
16 Why Knapsack?? simple in construction fast encryption and decryption addition/subtraction instead of multiplication/exponentiation claim that LLL is highly likely to find the shortest vector in almost all instances: still too early to throw in the towel!! Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 15
17 A New Knapsack Cryptosystem construction and structure an example security against BR-based attacks security against IP attacks further work Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 16
18 New Cryptosystem: Construction pick r primes p 1,...,p r (private) i pick m i p i numbers distinct mod p i, put them in set S i (Note: these numbers can be bigger than p i ) i find A i = S i p 1...p r p i n = r i=1 m i; knapsack coefficients are A = {A 1,...,A r } = a (public) can receive messages (0 1 n-vectors) which pick one element from A i for each i can further disguise a ij s using modular multiplication Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 17
19 New Cryptosystem: Construction Eve needs to solve r m i a ij x ij = M i=1 j=1 m i x ij = 1 i = 1,...,r j=1 x ij {0,1}, i = 1,...,r, j = 1,...,m i can set can set m i j=1 m i j=1 x ij = v i i = 1,...,r, where v i 1, or w ij x ij = v i i = 1,...,r, for some w ij Z, v i 1 Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 18
20 New Cryptosystem: Example r = 2, p 1 = 5, p 2 = 7; S 1 = {21,17,13,34,25}, S 2 = {22,25,31,33}; A 1 = S 1 7 = {147,119,91,238, 175}, A 2 = S 2 5 = {110,125,155,165}; all sums a 1i + a 2j are distinct mod 35 Alice sends = 284 = M M = mod 5, hence Bob needs 7s 1 4 mod 5 i.e., s 1 12 mod 5 2 mod 5 looks up S 1 to find 17 2 mod 5 hence, first part of message is (0,1,0,0,0) Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 19
21 New Cryptosystem: Density Message space has r i=1 m i messages restrictive, but helps to increase density! with m i = m i, density = rm max log 2 a i i=1,...,n rm ((r 1)log 2 p max + log 2 R) where p max = max i p i and R = max i,j S ij can choose m,p i s and R such that density is much bigger than 1! only m of the x ij s is 1 Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 20
22 Security against Basis Reduction a (simpler) test problem for Lagarias-Odlyzko method m i = m i; I = [9R,10R], J = [10R,11R] for large R choose s i1 I randomly i, let r i=1 s i1 = M for j = 2,...,m, choose s ij J randomly for i = 1,...,r 1 set s rj = r 1 i=1 s ij + 2s r1 M try LO method on r i=1 m s ij x ij j=1 = M m x ij = 1 i = 1,...,r j=1 x ij {0,1}, i = 1,...,r, j = 1,...,m Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 21
23 Test for Lagarias-Odlyzko Method apply LLL reduction to B = [ ] I 0, where ND Nb D = 2 3 S 1... S r , and b = 2 3 M solution is shortest vector in L(B): x i1 = 1 i, ˆx = r there are m 1 short vectors in L(B) with length r + 4 Results: LO method always finds ˆx for r 6,m 6,R trials with r = m = 20,R = 10 20, LO found ˆx in none of the instances! Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 22
24 Security against Basis Reduction if cardinality constraints are ignored for the LO method can prove that there exists exponentially many vectors in L(B) equal or shorter in length to the solution vector performance of LLL similar on actual instances (with p 1,...,p r ) even block Korkine-Zolotarev (BKZ) reduction produced similar results arguably, the strongest BR algorithm implemented Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 23
25 Security against IP Reformulations original IP is {x {0,1} n Dx = b} where A 1... A r M D = , and b = rewrite IP as {x Z n Bx ( = ) f} where B = D I I, and f = b 0 e using BKZ reduction, find reduced try to solve {y Z n By ( = ) f} B, f; Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 24
26 IP Reformulation Tests ** unsolved instances CPLEX encountered numerical instability r m n = rm R BRED CPLEX #BB > 4 hrs ** ** > 4 hrs ** ** Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 25
27 Further Work a promising knapsack cryptosystem have clever ideas to defeat diophantine approximation even under modular multiplication formalize hardness results for BR and IP reformulations need to consider other possible attacks better BR algorithms more numerically stable CPLEX exact MIP solver (Espinoza et al.) and improvements Krishnamoorthy, Webb, Moyer: A Secure Knapsack Cryptosystem (ISMP 06) 26
9 Knapsack Cryptography
9 Knapsack Cryptography In the past four weeks, we ve discussed public-key encryption systems that depend on various problems that we believe to be hard: prime factorization, the discrete logarithm, and
More informationLattice Reduction Attack on the Knapsack
Lattice Reduction Attack on the Knapsack Mark Stamp 1 Merkle Hellman Knapsack Every private in the French army carries a Field Marshal wand in his knapsack. Napoleon Bonaparte The Merkle Hellman knapsack
More informationRSA. Ramki Thurimella
RSA Ramki Thurimella Public-Key Cryptography Symmetric cryptography: same key is used for encryption and decryption. Asymmetric cryptography: different keys used for encryption and decryption. Public-Key
More informationPublic Key Cryptography
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt
More informationduring transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL
THE MATHEMATICAL BACKGROUND OF CRYPTOGRAPHY Cryptography: used to safeguard information during transmission (e.g., credit card number for internet shopping) as opposed to Coding Theory: used to transmit
More informationPublic Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.
Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each
More informationA New Trapdoor in Modular Knapsack Public-Key Cryptosystem
A New Trapdoor in Modular Knapsack Public-Key Cryptosystem Takeshi Nasako Yasuyuki Murakami Abstract. Merkle and Hellman proposed a first knapsack cryptosystem. However, it was broken because the density
More informationLemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).
1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not
More informationNotes 10: Public-key cryptography
MTH6115 Cryptography Notes 10: Public-key cryptography In this section we look at two other schemes that have been proposed for publickey ciphers. The first is interesting because it was the earliest such
More informationA KNAPSACK-TYPE CRYPTOGRAPHIC SYSTEM USING ALGEBRAIC NUMBER RINGS
A KNAPSACK-TYPE CRYPTOGRAPHIC SYSTEM USING ALGEBRAIC NUMBER RINGS By NATHAN THOMAS MOYER A dissertation submitted in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY WASHINGTON
More informationLooking back at lattice-based cryptanalysis
September 2009 Lattices A lattice is a discrete subgroup of R n Equivalently, set of integral linear combinations: α 1 b1 + + α n bm with m n Lattice reduction Lattice reduction looks for a good basis
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationA New Class of Product-sum Type Public Key Cryptosystem, K(V)ΣΠPKC, Constructed Based on Maximum Length Code
A New Class of Product-sum Type Public Key Cryptosystem, K(V)ΣΠPKC, Constructed Based on Maximum Length Code Masao KASAHARA Abstract The author recently proposed a new class of knapsack type PKC referred
More informationA New Knapsack Public-Key Cryptosystem Based on Permutation Combination Algorithm
A New Knapsack Public-Key Cryptosystem Based on Permutation Combination Algorithm Min-Shiang Hwang Cheng-Chi Lee Shiang-Feng Tzeng Department of Management Information System National Chung Hsing University
More informationPublic Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationLattices. A Lattice is a discrete subgroup of the additive group of n-dimensional space R n.
Lattices A Lattice is a discrete subgroup of the additive group of n-dimensional space R n. Lattices have many uses in cryptography. They may be used to define cryptosystems and to break other ciphers.
More informationCosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks
1 Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks Michael Albert michael.albert@cs.otago.ac.nz 2 This week Arithmetic Knapsack cryptosystems Attacks on knapsacks Some
More informationCryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups
Great Theoretical Ideas in CS V. Adamchik CS 15-251 Upcoming Interview? Lecture 24 Carnegie Mellon University Cryptography and RSA How the World's Smartest Company Selects the Most Creative Thinkers Groups
More informationMasao KASAHARA. Graduate School of Osaka Gakuin University
Abstract Construction of New Classes of Knapsack Type Public Key Cryptosystem Using Uniform Secret Sequence, K(II)ΣΠPKC, Constructed Based on Maximum Length Code Masao KASAHARA Graduate School of Osaka
More informationarxiv: v1 [math.nt] 13 Mar 2015
A Knapsack-like Code Using Recurrence Sequence Representations arxiv:1503.04238v1 [math.nt] 13 Mar 2015 Nathan Hamlin Bala Krishnamoorthy William Webb Department of Mathematics, Washington State University,
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationSecurity Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography
Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How
More informationCryptography. pieces from work by Gordon Royle
Cryptography pieces from work by Gordon Royle The set-up Cryptography is the mathematics of devising secure communication systems, whereas cryptanalysis is the mathematics of breaking such systems. We
More informationDiscrete Mathematics GCD, LCM, RSA Algorithm
Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common
More informationLecture Notes, Week 6
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several
More information8.1 Principles of Public-Key Cryptosystems
Public-key cryptography is a radical departure from all that has gone before. Right up to modern times all cryptographic systems have been based on the elementary tools of substitution and permutation.
More informationMath 412: Number Theory Lecture 13 Applications of
Math 412: Number Theory Lecture 13 Applications of Gexin Yu gyu@wm.edu College of William and Mary Partition of integers A partition λ of the positive integer n is a non increasing sequence of positive
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationSlides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013
RSA Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013 Recap Recap Number theory o What is a prime number? o What is prime factorization? o What is a GCD? o What does relatively prime
More informationA Note on the Density of the Multiple Subset Sum Problems
A Note on the Density of the Multiple Subset Sum Problems Yanbin Pan and Feng Zhang Key Laboratory of Mathematics Mechanization, Academy of Mathematics and Systems Science, Chinese Academy of Sciences,
More informationTheory of Computation Chapter 12: Cryptography
Theory of Computation Chapter 12: Cryptography Guan-Shieng Huang Dec. 20, 2006 0-0 Introduction Alice wants to communicate with Bob secretely. x Alice Bob John Alice y=e(e,x) y Bob y??? John Assumption
More informationMa/CS 6a Class 3: The RSA Algorithm
Ma/CS 6a Class 3: The RSA Algorithm By Adam Sheffer Reminder: Putnam Competition Signup ends Wednesday 10/08. Signup sheets available in all Sloan classrooms, Math office, or contact Kathy Carreon, kcarreon@caltech.edu.
More information10 Modular Arithmetic and Cryptography
10 Modular Arithmetic and Cryptography 10.1 Encryption and Decryption Encryption is used to send messages secretly. The sender has a message or plaintext. Encryption by the sender takes the plaintext and
More information10 Public Key Cryptography : RSA
10 Public Key Cryptography : RSA 10.1 Introduction The idea behind a public-key system is that it might be possible to find a cryptosystem where it is computationally infeasible to determine d K even if
More informationLecture 22: RSA Encryption. RSA Encryption
Lecture 22: Recall: RSA Assumption We pick two primes uniformly and independently at random p, q $ P n We define N = p q We shall work over the group (Z N, ), where Z N is the set of all natural numbers
More informationLow-Density Attack Revisited
Low-Density Attack Revisited Tetsuya Izu Jun Kogure Takeshi Koshiba Takeshi Shimoyama Secure Comuting Laboratory, FUJITSU LABORATORIES Ltd., 4-1-1, Kamikodanaka, Nakahara-ku, Kawasaki 211-8588, Japan.
More informationRSA RSA public key cryptosystem
RSA 1 RSA As we have seen, the security of most cipher systems rests on the users keeping secret a special key, for anyone possessing the key can encrypt and/or decrypt the messages sent between them.
More informationIntroduction to Modern Cryptography. Lecture RSA Public Key CryptoSystem 2. One way Trapdoor Functions
Introduction to Modern Cryptography Lecture 7 1. RSA Public Key CryptoSystem 2. One way Trapdoor Functions Diffie and Hellman (76) New Directions in Cryptography Split the Bob s secret key K to two parts:
More informationLECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS
LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS Modular arithmetics that we have discussed in the previous lectures is very useful in Cryptography and Computer Science. Here we discuss several
More informationLecture V : Public Key Cryptography
Lecture V : Public Key Cryptography Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Amir Rezapoor Computer Science Department, National Chiao Tung University 2 Outline Functional
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More informationMathematics of Cryptography
UNIT - III Mathematics of Cryptography Part III: Primes and Related Congruence Equations 1 Objectives To introduce prime numbers and their applications in cryptography. To discuss some primality test algorithms
More informationPractice Assignment 2 Discussion 24/02/ /02/2018
German University in Cairo Faculty of MET (CSEN 1001 Computer and Network Security Course) Dr. Amr El Mougy 1 RSA 1.1 RSA Encryption Practice Assignment 2 Discussion 24/02/2018-29/02/2018 Perform encryption
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationEncryption: The RSA Public Key Cipher
Encryption: The RSA Public Key Cipher Michael Brockway March 5, 2018 Overview Transport-layer security employs an asymmetric public cryptosystem to allow two parties (usually a client application and a
More informationMy brief introduction to cryptography
My brief introduction to cryptography David Thomson dthomson@math.carleton.ca Carleton University September 7, 2013 introduction to cryptography September 7, 2013 1 / 28 Outline 1 The general framework
More informationLattice-based Algorithms for Number Partitioning in the Hard Phase
Lattice-based Algorithms for Number Partitioning in the Hard Phase Bala Krishnamoorthy, William Webb, and Nathan Moyer Department of Mathematics, Washington State University, Pullman WA {bkrishna, webb,
More informationL7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015
L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationCryptography. P. Danziger. Transmit...Bob...
10.4 Cryptography P. Danziger 1 Cipher Schemes A cryptographic scheme is an example of a code. The special requirement is that the encoded message be difficult to retrieve without some special piece of
More informationRSA Cryptosystem and Factorization
RSA Cryptosystem and Factorization D. J. Guan Department of Computer Science National Sun Yat Sen University Kaoshiung, Taiwan 80424 R. O. C. guan@cse.nsysu.edu.tw August 25, 2003 RSA Cryptosystem was
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 9 February 14, 2013 CPSC 467b, Lecture 9 1/42 Integer Division (cont.) Relatively prime numbers, Z n, and φ(n) Computing in Z n
More informationElliptic Curve Cryptography
Elliptic Curve Cryptography Elliptic Curves An elliptic curve is a cubic equation of the form: y + axy + by = x 3 + cx + dx + e where a, b, c, d and e are real numbers. A special addition operation is
More informationLogic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation
Quantum logic gates Logic gates Classical NOT gate Quantum NOT gate (X gate) A NOT A α 0 + β 1 X α 1 + β 0 A N O T A 0 1 1 0 Matrix form representation 0 1 X = 1 0 The only non-trivial single bit gate
More informationCircuit Complexity. Circuit complexity is based on boolean circuits instead of Turing machines.
Circuit Complexity Circuit complexity is based on boolean circuits instead of Turing machines. A boolean circuit with n inputs computes a boolean function of n variables. Now, identify true/1 with yes
More informationPost-Quantum Cryptography
Post-Quantum Cryptography Sebastian Schmittner Institute for Theoretical Physics University of Cologne 2015-10-26 Talk @ U23 @ CCC Cologne This work is licensed under a Creative Commons Attribution-ShareAlike
More informationOutline. Available public-key technologies. Diffie-Hellman protocol Digital Signature. Elliptic curves and the discrete logarithm problem
Outline Public-key cryptography A collection of hard problems Mathematical Background Trapdoor Knapsack Integer factorization Problem Discrete logarithm problem revisited Case of Study: The Sun NFS Cryptosystem
More informationTHE RSA CRYPTOSYSTEM
THE RSA CRYPTOSYSTEM SILVIA ROBLES Abstract. This paper explores the history and mathematics behind the RSA cryptosystem, including the idea of public key cryptosystems and number theory. It outlines the
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 14 October 23, 2017 CPSC 467, Lecture 14 1/42 Computing in Z n Modular multiplication Modular inverses Extended Euclidean algorithm
More informationIntroduction to Cryptography. Lecture 8
Introduction to Cryptography Lecture 8 Benny Pinkas page 1 1 Groups we will use Multiplication modulo a prime number p (G, ) = ({1,2,,p-1}, ) E.g., Z 7* = ( {1,2,3,4,5,6}, ) Z p * Z N * Multiplication
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols nichols@math.umass.edu University of Massachusetts Oct. 14, 2015 Cryptography basics Cryptography is the study of secure communications. Here are
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots
More informationCryptanalysis of a Fast Public Key Cryptosystem Presented at SAC 97
Cryptanalysis of a Fast Public Key Cryptosystem Presented at SAC 97 Phong Nguyen and Jacques Stern École Normale Supérieure, Laboratoire d Informatique 45, rue d Ulm, F 75230 Paris Cedex 05 {Phong.Nguyen,Jacques.Stern}@ens.fr
More informationCryptanalysis of two knapsack public-key cryptosystems
Cryptanalysis of two knapsack public-key cryptosystems Jingguo Bi 1, Xianmeng Meng 2, and Lidong Han 1 {jguobi,hanlidong}@sdu.edu.cn mengxm@sdfi.edu.cn 1 Key Laboratory of Cryptologic Technology and Information
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationCryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg
Course 1: Remainder: RSA Université du Luxembourg September 21, 2010 Public-key encryption Public-key encryption: two keys. One key is made public and used to encrypt. The other key is kept private and
More informationTopics in Cryptography. Lecture 5: Basic Number Theory
Topics in Cryptography Lecture 5: Basic Number Theory Benny Pinkas page 1 1 Classical symmetric ciphers Alice and Bob share a private key k. System is secure as long as k is secret. Major problem: generating
More informationIntroduction to Elliptic Curve Cryptography. Anupam Datta
Introduction to Elliptic Curve Cryptography Anupam Datta 18-733 Elliptic Curve Cryptography Public Key Cryptosystem Duality between Elliptic Curve Cryptography and Discrete Log Based Cryptography Groups
More informationIntroduction to Elliptic Curve Cryptography
Indian Statistical Institute Kolkata May 19, 2017 ElGamal Public Key Cryptosystem, 1984 Key Generation: 1 Choose a suitable large prime p 2 Choose a generator g of the cyclic group IZ p 3 Choose a cyclic
More informationPowers in Modular Arithmetic, and RSA Public Key Cryptography
1 Powers in Modular Arithmetic, and RSA Public Key Cryptography Lecture notes for Access 2006, by Nick Korevaar. It was a long time from Mary Queen of Scotts and substitution ciphers until the end of the
More informationAn Introduction to Probabilistic Encryption
Osječki matematički list 6(2006), 37 44 37 An Introduction to Probabilistic Encryption Georg J. Fuchsbauer Abstract. An introduction to probabilistic encryption is given, presenting the first probabilistic
More informationNetwork Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30
Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) LIU Zhen Due Date: March 30 Questions: 1. RSA (20 Points) Assume that we use RSA with the prime numbers p = 17 and q = 23. (a) Calculate
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationIntro to Public Key Cryptography Diffie & Hellman Key Exchange
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary - Math Part
More informationProvable Security for Public-Key Schemes. Outline. I Basics. Secrecy of Communications. Outline. David Pointcheval
Provable Security for Public-Key Schemes I Basics David Pointcheval Ecole normale supérieure, CNRS & INRIA IACR-SEAMS School Cryptographie: Foundations and New Directions November 2016 Hanoi Vietnam Introduction
More informationThe RSA cryptosystem and primality tests
Mathematics, KTH Bengt Ek November 2015 Supplementary material for SF2736, Discrete mathematics: The RSA cryptosystem and primality tests Secret codes (i.e. codes used to make messages unreadable to outsiders
More informationAttacks on RSA & Using Asymmetric Crypto
Attacks on RSA & Using Asymmetric Crypto Luke Anderson luke@lukeanderson.com.au 7 th April 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Breaking RSA 2.1 Chinese Remainder Theorem 2.2 Common
More informationOther Public-Key Cryptosystems
Other Public-Key Cryptosystems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 10-1 Overview 1. How to exchange
More informationElliptic curves: Theory and Applications. Day 4: The discrete logarithm problem.
Elliptic curves: Theory and Applications. Day 4: The discrete logarithm problem. Elisa Lorenzo García Université de Rennes 1 14-09-2017 Elisa Lorenzo García (Rennes 1) Elliptic Curves 4 14-09-2017 1 /
More informationLecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security
Lecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security Boaz Barak November 21, 2007 Cyclic groups and discrete log A group G is cyclic if there exists a generator
More informationLattice Reduction of Modular, Convolution, and NTRU Lattices
Summer School on Computational Number Theory and Applications to Cryptography Laramie, Wyoming, June 19 July 7, 2006 Lattice Reduction of Modular, Convolution, and NTRU Lattices Project suggested by Joe
More informationMath 299 Supplement: Modular Arithmetic Nov 8, 2013
Math 299 Supplement: Modular Arithmetic Nov 8, 2013 Numbers modulo n. We have previously seen examples of clock arithmetic, an algebraic system with only finitely many numbers. In this lecture, we make
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols University of Massachusetts Amherst nichols@math.umass.edu WINRS Research Symposium Brown University March 4, 2017 Cryptography basics Cryptography
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationTheme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS
1 C Theme : Cryptography Instructor : Prof. C Pandu Rangan Speaker : Arun Moorthy 93115 CS 2 RSA Cryptosystem Outline of the Talk! Introduction to RSA! Working of the RSA system and associated terminology!
More informationThe Elliptic Curve in https
The Elliptic Curve in https Marco Streng Universiteit Leiden 25 November 2014 Marco Streng (Universiteit Leiden) The Elliptic Curve in https 25-11-2014 1 The s in https:// HyperText Transfer Protocol
More informationPublic Key Cryptography
Public Key Cryptography Ali El Kaafarani 1 Mathematical Institute 2 PQShield Ltd. 1 of 44 Outline 1 Public Key Encryption: security notions 2 RSA Encryption Scheme 2 of 44 Course main reference 3 of 44
More informationECE 646 Lecture 9. RSA: Genesis, operation & security
ECE 646 Lecture 9 RSA: Genesis, operation & security Required Reading (1) W. Stallings, "Cryptography and Network-Security," Chapter 8.1 Prime Numbers Chapter 8.2 Fermat's and Euler's Theorems Chapter
More informationElliptic Curve Cryptography
AIMS-VOLKSWAGEN STIFTUNG WORKSHOP ON INTRODUCTION TO COMPUTER ALGEBRA AND APPLICATIONS Douala, Cameroon, October 12, 2017 Elliptic Curve Cryptography presented by : BANSIMBA Gilda Rech BANSIMBA Gilda Rech
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationPart V. Public-key cryptosystems, I. Key exchange, knapsack, RSA
Part V Public-key cryptosystems, I. Key exchange, knapsack, RSA CHAPTER 5: PUBLIC-KEY CRYPTOGRAPHY I. RSA The main problem of secret key (or symmetric) cryptography is that in order to send securely a
More informationOverview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017
CSC 580 Cryptography and Computer Security Math for Public Key Crypto, RSA, and Diffie-Hellman (Sections 2.4-2.6, 2.8, 9.2, 10.1-10.2) March 21, 2017 Overview Today: Math needed for basic public-key crypto
More informationTi Secured communications
Ti5318800 Secured communications Pekka Jäppinen September 20, 2007 Pekka Jäppinen, Lappeenranta University of Technology: September 20, 2007 Relies on use of two keys: Public and private Sometimes called
More information8 Elliptic Curve Cryptography
8 Elliptic Curve Cryptography 8.1 Elliptic Curves over a Finite Field For the purposes of cryptography, we want to consider an elliptic curve defined over a finite field F p = Z/pZ for p a prime. Given
More informationENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange
ENEE 457: Computer Systems Security 10/3/16 Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland,
More informationdit-upm RSA Cybersecurity Cryptography
-upm Cybersecurity Cryptography José A. Mañas < http://www.dit.upm.es/~pepe/> Information Technology Department Universidad Politécnica de Madrid 4 october 2018 public key (asymmetric) public key secret
More informationECE596C: Handout #11
ECE596C: Handout #11 Public Key Cryptosystems Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract In this lecture we introduce necessary mathematical background for studying
More informationRSA-256bit 數位電路實驗 TA: 吳柏辰. Author: Trumen
RSA-256bit 數位電路實驗 TA: 吳柏辰 Author: Trumen Outline Introduction to Cryptography RSA Algorithm Montgomery Algorithm for RSA-256 bit 2 Introduction to Cryptography 3 Communication Is Insecure Alice Bob Paparazzi
More information