basics of security/cryptography

Similar documents
Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Public Key Algorithms

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

CIS 551 / TCOM 401 Computer and Network Security

10 Modular Arithmetic and Cryptography

Topics in Cryptography. Lecture 5: Basic Number Theory

Discrete Mathematics GCD, LCM, RSA Algorithm

CS483 Design and Analysis of Algorithms

Introduction to Public-Key Cryptosystems:

Introduction to Cryptography. Lecture 6

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Public Key Cryptography

Ma/CS 6a Class 4: Primality Testing

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Ma/CS 6a Class 2: Congruences

Number Theory A focused introduction

Lecture Notes, Week 6

Public Key Encryption

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

Encryption: The RSA Public Key Cipher

Introduction to Modern Cryptography. Benny Chor

Lecture 6: Introducing Complexity

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Lecture 1: Introduction to Public key cryptography

ECE596C: Handout #11

Cryptography IV: Asymmetric Ciphers

Ma/CS 6a Class 2: Congruences

Number theory (Chapter 4)

Carmen s Core Concepts (Math 135)

Elliptic Curve Cryptography

Mathematics of Cryptography

CSE 521: Design and Analysis of Algorithms I

Ma/CS 6a Class 3: The RSA Algorithm

Asymmetric Encryption

CPSC 467b: Cryptography and Computer Security

Chapter 8. Introduction to Number Theory

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

OWO Lecture: Modular Arithmetic with Algorithmic Applications

University of Tokyo: Advanced Algorithms Summer Lecture 6 27 May. Let s keep in mind definitions from the previous lecture:

Cryptography: Joining the RSA Cryptosystem

Ma/CS 6a Class 4: Primality Testing

CPSC 467b: Cryptography and Computer Security

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

CS March 17, 2009

CSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography

Mathematical Foundations of Public-Key Cryptography

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

CPSC 467b: Cryptography and Computer Security

Introduction to Modern Cryptography. Lecture RSA Public Key CryptoSystem 2. One way Trapdoor Functions

10 Public Key Cryptography : RSA

ECE 646 Lecture 5. Mathematical Background: Modular Arithmetic

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Applied Cryptography and Computer Security CSE 664 Spring 2018

ICS141: Discrete Mathematics for Computer Science I

CPSC 467: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security

Public-Key Cryptosystems CHAPTER 4

Chapter 8 Public-key Cryptography and Digital Signatures

Number Theory & Modern Cryptography

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

ALG 4.0 Number Theory Algorithms:

RSA. Ramki Thurimella

Introduction to Cybersecurity Cryptography (Part 5)

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Cryptography. pieces from work by Gordon Royle

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

Elementary Number Theory MARUCO. Summer, 2018

Biomedical Security. Some Security News 9/17/2018. Erwin M. Bakker. Blockchains are not safe for voting (slashdot.org) : From: paragonie.

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

CRYPTOGRAPHY AND NUMBER THEORY

Theory of RSA. Hiroshi Toyoizumi 1. December 8,

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

Introduction. What is RSA. A Guide To RSA by Robert Yates. Topics

ENEE 457: Computer Systems Security. Lecture 5 Public Key Crypto I: Number Theory Essentials

Public Key Cryptography

Number Theory and Group Theoryfor Public-Key Cryptography

Basic elements of number theory

Basic elements of number theory

Number theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29

Number Theory. Modular Arithmetic

Introduction to Cryptography. Lecture 8

Cryptography. P. Danziger. Transmit...Bob...

Introduction to Cybersecurity Cryptography (Part 4)

Public-Key Cryptography. Lecture 10 DDH Assumption El Gamal Encryption Public-Key Encryption from Trapdoor OWP

Innovation and Cryptoventures. Cryptography 101. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc

Solutions to the Mathematics Masters Examination

Introduction to Modern Cryptography. Benny Chor

My brief introduction to cryptography

Introduction to Cybersecurity Cryptography (Part 4)

Linear Congruences. The equation ax = b for a, b R is uniquely solvable if a 0: x = b/a. Want to extend to the linear congruence:

Pseudo-random Number Generation. Qiuliang Tang

Transcription:

RSA Cryptography

basics of security/cryptography Bob encrypts message M into ciphertext C=P(M) using a public key; Bob sends C to Alice Alice decrypts ciphertext back into M using a private key (secret) M = S(C) anyone else listening gets C but cannot decrypt to M without the private key

Modulo arithmetics all variables in this lecture are integers "x=y mod n" means x-y is a multiple of n - for example 22=2 mod 5, since 22-2=20 is a multiple of 5 - x and y have the same reminder on division with n a=b mod n and c=d mod n imply - a+c = b+d mod n - a*c = b*d mod n exponentiation works too, logarithm a bit tricky - a n = a*a*a...*a mod n //product of a n times ax=b mod n equation solvable if all common factors of and n are also factors of b (see 31.4 in the book) GCD (greatest common divisor) solution via Extended-Euclid algorithm

RSA n=p*q; p,q large prime numbers ϕ(n) = (p-1)(q-1) Demo goes here. e = small integer, relatively prime with ϕ(n) d = inverse of e modulo ϕ(n) - d*e = 1 mod ϕ(n) encoding of message M : C = P(M)= M e mod n decoding of ciphertext C : M = S(C) = C d mod n

RSA demo http://www.screencast.com/t/mlctfbesfvo7

RSA is correct - prelim 1 Fermat theorem : - if p prime, and a 0 mod p, - then a p-1 = 1 mod p proof (idea) - set S={1, 2, 3,...p-1} is the same as set T= {1a mod p, 2a mod p, 3a mod p,... (p-1)a mod p. Proof by contradiction: if fa and ga mod p are the same number in S, then fa = ga mod p => p a(f-g)=> p (f-g) => f=g - in S every number can be paired up with its inverse mod p (also in S), so that we can have (p-1)/2 pairs of u*v=1 mod p. That means : 1*2*3...*(p-1) mod p = (p-1)! mod p = 1 mod p - 1= (p-1)! mod p = (elem in S) mod p = (elem in T) mod p = 1a*2a*3a*...*(p-1)a mod p = (p-1)! a p-1 mod p = a p-1 mod p

RSA is correct - prelim 2 Chinese Reminder Theorem (simplified) : - p,q primes; a fixed integer - x = a mod p ; x = a mod q - then x = a mod p*q proof (idea) - x = a mod p => x = up+a; similarly x=vq+a - x = up+a = vq+a => up=vq; since p,q primes => u=zq - thus x = up+a = zpq+a = a mod p*q

RSA is correct - proof e,d inverse to each other mod (p-1) (q-1) means ed = 1+k(p-1)(q-1) Alice decrypting result is C d mod n = (M e mod n) d mod n = M ed mod n. From Fermat Theorem, using ed = 1+k(p-1)(q-1) - M ed = M mod p - M ed = M mod q From Chinese Reminder Theorem n=p*q; p,q primes; M ed = M mod p; M ed = M mod q then M ed = M mod n - thus Alice gets back the original message M

RSA easy to implement both Bob and Alice only have to execute a modular exponentiation of a given power: - given x, compute x k mod n such exponentiation can be implemented efficiently, even for large numbers

Why RSA is secure Only known way to break RSA is to factorize n into factors n=p*q - p, q unknown - there might be other ways to break RSA, but currently unknown Factorization is hard when p and q are large - although primality testing is easy - See the blog page Factoring Again (pdf provided) by Richard J. Lipton

How to find large primes p pick a random large number (1024 bits) and test if prime

How to find large primes p pick a random large number (1024 bits) and test if prime FERMAT (p, t 0,1 mod p) - if t p-1 1 (mod p) RETURN 0; // definitely p not prime due to Fermat's theorem - if t p-1 = 1 (mod p) RETURN 1 //we dont know, but we have some belief p might be prime

How to find large primes p pick a random large number (1024 bits) and test if prime FERMAT (p, t 0,1 mod p) - if t p-1 1 (mod p) RETURN 0; // definitely p not prime due to Fermat's theorem - if t p-1 = 1 (mod p) RETURN 1 //we dont know, but we have some belief p might be prime this procedure can be implemented efficiently by extracting powers of 2 from p-1 first (see book page 969)

How to find large primes p pick a random large number (1024 bits) and test if prime FERMAT (p, t 0,1 mod p) - if t p-1 1 (mod p) RETURN 0; // definitely p not prime due to Fermat's theorem - if t p-1 = 1 (mod p) RETURN 1 //we dont know, but we have some belief p might be prime this procedure can be implemented efficiently by extracting powers of 2 from p-1 first (see book page 969) MILLER-RABIN primality testing (p, s) - for s independent rounds - pick t = random (2, p-1) - if (FERMAT(t,p)==0) RETURN "not prime" // definitely correct - return "prime" // rarely incorrect for large s

How to find large primes p pick a random large number (1024 bits) and test if prime FERMAT (p, t 0,1 mod p) - if t p-1 1 (mod p) RETURN 0; // definitely p not prime due to Fermat's theorem - if t p-1 = 1 (mod p) RETURN 1 //we dont know, but we have some belief p might be prime this procedure can be implemented efficiently by extracting powers of 2 from p-1 first (see book page 969) MILLER-RABIN primality testing (p, s) - for s independent rounds - pick t = random (2, p-1) - if (FERMAT(t,p)==0) RETURN "not prime" // definitely correct - return "prime" // rarely incorrect for large s Error probability for MILLE-RABIN (return "prime" on non prime p) is at most 2 -s

How many primes are there? there are infinitely many primes π(n) = number of primes smaller or equal to n when n is big, π(n) n/ ln (n) - for example n=10 9 - number of primes is up to 10 9 is about 10 9 /ln(10 9 ) = 48,254,942

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback