CIS 551 / TCOM 401 Computer and Network Security

Similar documents
Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Public Key Algorithms

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Chapter 8 Public-key Cryptography and Digital Signatures

Public Key Cryptography

Cryptography IV: Asymmetric Ciphers

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Chapter 4 Asymmetric Cryptography

Asymmetric Cryptography

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

8.1 Principles of Public-Key Cryptosystems

Topics in Cryptography. Lecture 5: Basic Number Theory

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

10 Public Key Cryptography : RSA

Number Theory. Modular Arithmetic

The RSA cryptosystem and primality tests

RSA. Ramki Thurimella

Lecture Notes, Week 6

Number Theory & Modern Cryptography

Mathematics of Cryptography

Introduction to Cryptography. Lecture 6

Foundations of Network and Computer Security

Lecture 1: Introduction to Public key cryptography

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Asymmetric Encryption

Great Theoretical Ideas in Computer Science

basics of security/cryptography

CRYPTOGRAPHY AND NUMBER THEORY

Public Key Cryptography

OWO Lecture: Modular Arithmetic with Algorithmic Applications

RSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14

Introduction to Modern Cryptography. Benny Chor

ECE596C: Handout #11

Encryption: The RSA Public Key Cipher

CPSC 467b: Cryptography and Computer Security

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Discrete Mathematics GCD, LCM, RSA Algorithm

Introduction to Cybersecurity Cryptography (Part 5)

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

RSA RSA public key cryptosystem

Biomedical Security. Some Security News 9/17/2018. Erwin M. Bakker. Blockchains are not safe for voting (slashdot.org) : From: paragonie.

Lecture V : Public Key Cryptography

Introduction to Cryptography. Lecture 8

Ti Secured communications

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Basic elements of number theory

Basic elements of number theory

Number Theory A focused introduction

Applied Cryptography and Computer Security CSE 664 Spring 2018

Introduction to Public-Key Cryptosystems:

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Cryptography. P. Danziger. Transmit...Bob...

Public-Key Cryptosystems CHAPTER 4

CPSC 467b: Cryptography and Computer Security

Theory of Computation Chapter 12: Cryptography

Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30

10 Modular Arithmetic and Cryptography

Introduction. will now introduce finite fields of increasing importance in cryptography. AES, Elliptic Curve, IDEA, Public Key

Circuit Complexity. Circuit complexity is based on boolean circuits instead of Turing machines.

CPSC 467b: Cryptography and Computer Security

Candidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.

My brief introduction to cryptography

Powers in Modular Arithmetic, and RSA Public Key Cryptography

Introduction to Cybersecurity Cryptography (Part 4)

THE RSA ENCRYPTION SCHEME

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Introduction to Cybersecurity Cryptography (Part 4)

Outline. Available public-key technologies. Diffie-Hellman protocol Digital Signature. Elliptic curves and the discrete logarithm problem

Lecture 14: Hardness Assumptions

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

CS483 Design and Analysis of Algorithms

Ma/CS 6a Class 3: The RSA Algorithm

Discrete mathematics I - Number theory

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Public Key Encryption

An Introduction to Probabilistic Encryption

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

An Introduction to Cryptography

MATHEMATICS EXTENDED ESSAY

The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Week 7 An Application to Cryptography

CS March 17, 2009

Algorithmic Number Theory and Public-key Cryptography

8 Elliptic Curve Cryptography

Public-Key Encryption: ElGamal, RSA, Rabin

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

CSc 466/566. Computer Security. 5 : Cryptography Basics

Public Key Algorithms

Numbers. Çetin Kaya Koç Winter / 18

Math/Mthe 418/818. Review Questions

CPSC 467: Cryptography and Computer Security

Number Theory and Group Theoryfor Public-Key Cryptography

Mathematical Foundations of Public-Key Cryptography

Transcription:

CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1

Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It is easier than project 1 or 2, but don't wait to start 3/20/08 CIS/TCOM 551 2

Problems with Shared Key Crypto Compromised key means interceptors can decrypt any ciphertext they ve acquired. Change keys frequently to limit damage Distribution of keys is problematic Keys must be transmitted securely Use couriers? Distribute in pieces over separate channels? Number of keys is O(n 2 ) where n is # of participants Potentially easier to break? 3/20/08 CIS/TCOM 551 3

Diffie-Hellman Key Exchange Choose a prime p (publicly known) Should be about 512 bits or more Pick g < p (also public) g must be a primitive root of p. A primitive root generates the finite field p. Every n in {1, 2,, p-1} can be written as g k mod p Example: 2 is a primitive root of 5 2 0 = 1 2 1 = 2 2 2 = 4 2 3 = 3 (mod 5) Intuitively means that it s hard to take logarithms base g because there are many candidates. 3/20/08 CIS/TCOM 551 4

Diffie-Hellman Alice Let s use (p, g) OK g A mod p g B mod p Bart 1. Alice & Bart decide on a public prime p and primitive root g. 2. Alice chooses secret number A. Bart chooses secret number B 3. Alice sends Bart g A mod p. 4. The shared secret is g AB mod p. 3/20/08 CIS/TCOM 551 5

Details of Diffie-Hellman Alice computes g AB mod p because she knows A: g AB mod p = (g B mod p) A mod p An eavesdropper gets g A mod p and g B mod p They can easily calculate g A+B mod p but that doesn t help. The problem of computing discrete logarithms (to recover A from g A mod p is hard. 3/20/08 CIS/TCOM 551 6

Example Alice and Bart agree that q=71 and g=7. Alice selects a private key A=5 and calculates a public key g A 7 5 51 (mod 71). She sends this to Bart. Bart selects a private key B=12 and calculates a public key g B 7 12 4 (mod 71). He sends this to Alice. Alice calculates the shared secret: S (g B ) A 4 5 30 (mod 71) Bart calculates the shared secret S (g A ) B 51 12 30 (mod 71) 3/20/08 CIS/TCOM 551 7

Why Does it Work? Security is provided by the difficulty of calculating discrete logarithms. Feasibility is provided by The ability to find large primes. The ability to find primitive roots for large primes. The ability to do efficient modular arithmetic. Correctness is an immediate consequence of basic facts about modular arithmetic. 3/20/08 CIS/TCOM 551 8

One-way Functions A function is one-way if it s Easy to compute Hard to invert (in the average case) Examples Exponentiation vs. Discrete Log Multiplication vs. Factoring Knapsack Packing Given a set of numbers {1, 3, 6, 8, 12} find the sum of a subset Given a target sum, find a subset that adds to it Trapdoor functions Easy to invert given some extra information E.g. factoring p*q given q 3/20/08 CIS/TCOM 551 9

Public Key Cryptography Sender encrypts using a public key Receiver decrypts using a private key Only the private key must be kept secret Public key can be distributed at will Also called asymmetric cryptography Can be used for digital signatures Examples: RSA, El Gamal, DSA, various algorithms based on elliptic curves Used in SSL, ssh, PGP, 3/20/08 CIS/TCOM 551 10

Public Key Notation Encryption algorithm E : keypub x plain cipher Notation: K{msg} = E(K, msg) Decryption algorithm D : keypriv x cipher plain Notation: k{msg} = D(k,msg) D inverts E D(k, E(K, msg)) = msg Use capital K for public keys Use lower case k for private keys Sometimes E is the same algorithm as D 3/20/08 CIS/TCOM 551 11

Secure Channel: Private Key Alice Bart K B {Hello!} K A {Hi!} K A,K B k A K A, K B k B 3/20/08 CIS/TCOM 551 12

Trade-offs for Public Key Crypto More computationally expensive than shared key crypto Algorithms are harder to implement Require more complex machinery More formal justification of difficulty Hardness based on complexity-theoretic results A principal needs one private key and one public key Number of keys for pair-wise communication is O(n) 3/20/08 CIS/TCOM 551 13

RSA Algorithm Ron Rivest, Adi Shamir, Leonard Adleman Proposed in 1979 They won the 2002 Turing award for this work Has withstood years of cryptanalysis Not a guarantee of security! But a strong vote of confidence. Hardware implementations: 1000 x slower than DES 3/20/08 CIS/TCOM 551 14

RSA at a High Level Public and private key are derived from secret prime numbers Keys are typically 1024 bits Plaintext message (a sequence of bits) Treated as a (large!) binary number Encryption is modular exponentiation To break the encryption, conjectured that one must be able to factor large numbers Not known to be in P (polynomial time algorithms) 3/20/08 CIS/TCOM 551 15

Number Theory: Modular Arithmetic Examples: 10 mod 12 = 10 13 mod 12 = 1 (10 + 13) mod 12 = 23 mod 12 = 11 mod 12 23 11 (mod 12) 23 is congruent to 11 (mod 12) a b (mod n) iff a = b + kn (for some integer k) The residue of a number modulo n is a number in the range 0 n-1 3/20/08 CIS/TCOM 551 16

Number Theory: Prime Numbers A prime number is an integer > 1 whose only factors are 1 and itself. Two integers are relatively prime if their only common factor is 1 gcd = greatest common divisor gcd(a,b) = 1 gcd(15,12) = 3, so they re not relatively prime gcd(15,8) = 1, so they are relatively prime Easy to compute GCD using Euclid s Algorithm 3/20/08 CIS/TCOM 551 17

Finite Fields (Galois Fields) For a prime p, the set of integers mod p forms a finite field Addition + Additive unit 0 Multiplication * Multiplicative unit 1 Inverses: n * n -1 = 1 for n 0 Suppose p = 5, then the finite field is {0,1,2,3,4} 2-1 = 3 because 2 * 3 1 mod 5 4-1 = 4 because 4 * 4 1 mod 5 Usual laws of arithmetic hold for modular arithmetic: Commutativity, associativity, distributivity of * over + 3/20/08 CIS/TCOM 551 18

RSA Key Generation Choose large, distinct primes p and q. Should be roughly equal length (in bits) Let n = p*q Choose a random encryption exponent e With requirement: e and (p-1)*(q-1) are relatively prime. Derive the decryption exponent d d = e -1 mod ((p-1)*(q-1)) d is e s inverse mod ((p-1)*(q-1)) Public key: K = (e,n) pair of e and n Private key: k = (d,n) Discard primes p and q (they re not needed anymore) 3/20/08 CIS/TCOM 551 19

RSA Encryption and Decryption Message: m Assume m < n If not, break up message into smaller chunks Good choice: largest power of 2 smaller than n Encryption: E((e,n), m) = m e mod n Decryption: D((d,n), c) = c d mod n 3/20/08 CIS/TCOM 551 20

Example RSA Choose p = 47, q = 71 n = p * q = 3337 (p-1)*(q-1) = 3220 Choose e relatively prime with 3220: e = 79 Public key is (79, 3337) Find d = 79-1 mod 3220 = 1019 Private key is (1019, 3337) To encrypt m = 688232687966683 Break into chunks < 3337 688 232 687 966 683 Encrypt: E((79, 3337), 688) = 688 79 mod 3337 = 1570 Decrypt: D((1019, 3337), 1570) = 1570 1019 mod 3337 = 688 3/20/08 CIS/TCOM 551 21

Euler s totient function: φ(n) φ(n) is the number of positive integers less than n that are relatively prime to n φ(12) = 4 Relative primes of 12 (less than 12): {1, 5, 7, 11} For p a prime, φ(p) = p-1. Why? For p,q two distinct primes, φ(p*q) = (p-1)*(q-1) There s p*q-1 numbers less than p*q Factors of p*q = {1*p, 2*p,, q*p} for a total of q of them {1*q, 2*q,, p*q} for another of of them No other numbers φ(p*q) = (p*q) - (p + q - 1) = pq - p - q + 1 = (p-1)*(q-1) q many multiples of p All #s p*q don t double count p*q P many multiples of q 3/20/08 CIS/TCOM 551 22

Fermat s Little Theorem Generalized by Euler. Theorem: If p is a prime then a p a mod p. Corollary: If gcd(a,n) = 1 then a φ(n) 1 mod n. Easy to compute a -1 mod n a -1 mod n = a φ(n)-1 mod n Why? a * a φ(n)-1 mod n = a φ(n)-1+1 mod n = a φ(n) mod n = 1 3/20/08 CIS/TCOM 551 23

Example of Fermat s Little Theorem What is the inverse of 5, modulo 7? 7 is prime, so φ(7) = 6 5-1 mod 7 = 5 6-1 mod 7 = 5 5 mod 7 = (5 2 * 5 2 * 5) mod 7 = ( (5 2 mod 7) * (5 2 mod 7) * (5 mod 7) ) mod 7 = ( (4 mod 7) * (4 mod 7) * (5 mod 7) ) mod 7 = ( (16 mod 7) * (5 mod 7) ) mod 7 = ( (2 mod 7) * (5 mod 7) ) mod 7 = (10 mod 7) mod 7 = 3 mod 7 = 3 3/20/08 CIS/TCOM 551 24

Chinese Remainder Theorem (Or, enough of it for our purposes ) Suppose: p and q are relatively prime a b (mod p) a b (mod q) Then: a b (mod p*q) Proof: p divides (a-b) (because a mod p = b mod p) q divides (a-b) Since p, q are relatively prime, p*q divides (a-b) But that is the same as: a b (mod p*q) 3/20/08 CIS/TCOM 551 25

Proof that D inverts E c d mod n = (m e ) d mod n (definition of c) = m ed mod n (arithmetic) = m k*(p-1)*(q-1) + 1 mod n (d inverts e) = m*m k*(p-1)*(q-1) mod n (arithmetic) = m mod n (C. R. theorem) = m (m < n) e*d 1 mod (p-1)*(q-1) 3/20/08 CIS/TCOM 551 26

Finished Proof Note: m p-1 1 mod p (if p doesn t divide m) Why? Fermat s little theorem. Same argument yields: m q-1 1 mod q Implies: m k*φ(n)+1 m mod p And m k*φ(n)+1 m mod q Chinese Remainder Theorem implies: m k*φ(n)+1 m mod n 3/20/08 CIS/TCOM 551 27

How to Generate Prime Numbers Many strategies, but Rabin-Miller primality test is often used in practice. a p-1 1 mod p Efficiently checkable test that, with probability ¾, verifies that a number p is prime. Iterate the Rabin-Miller primality test t times. Probability that a composite number will slip through the test is (¼) t These are worst-case assumptions. In practice (takes several seconds to find a 512 bit prime): 1. Generate a random n-bit number, p 2. Set the high and low bits to 1 (to ensure it is the right number of bits and odd) 3. Check that p isn t divisible by any small primes 3,5,7,,<2000 4. Perform the Rabin-Miller test at least 5 times. 3/20/08 CIS/TCOM 551 28

Rabin-Miller Primality Test Is n prime? Write n as n = (2 r )*s + 1 Pick random number a, with 1 a n - 1 If a s 1 mod n and for all j in {0 r-1}, a 2js -1 mod n Then return composite Else return probably prime 3/20/08 CIS/TCOM 551 29

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback