My brief introduction to cryptography

Similar documents
Cryptography. P. Danziger. Transmit...Bob...

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Chapter 8 Public-key Cryptography and Digital Signatures

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Cryptography IV: Asymmetric Ciphers

CIS 551 / TCOM 401 Computer and Network Security

Chapter 4 Asymmetric Cryptography

Asymmetric Cryptography

Public Key Cryptography

10 Modular Arithmetic and Cryptography

Lecture 1: Introduction to Public key cryptography

Encryption: The RSA Public Key Cipher

Introduction to Modern Cryptography. Benny Chor

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

CRYPTOGRAPHY AND NUMBER THEORY

RSA. Ramki Thurimella

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Discrete Mathematics GCD, LCM, RSA Algorithm

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Number Theory & Modern Cryptography

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Public-Key Encryption: ElGamal, RSA, Rabin

Public-Key Cryptosystems CHAPTER 4

Public Key Algorithms

CRYPTOGRAPHY AND LARGE PRIMES *

Public-key Cryptography and elliptic curves

MATH3302 Cryptography Problem Set 2

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Public-key Cryptography and elliptic curves

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Ti Secured communications

Topics in Cryptography. Lecture 5: Basic Number Theory

Introduction to Cryptography. Lecture 8

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Week 7 An Application to Cryptography

Lecture Notes, Week 6

Asymmetric Encryption

CPSC 467b: Cryptography and Computer Security

Great Theoretical Ideas in Computer Science

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

Introduction to Modern Cryptography. Benny Chor

An Introduction to Cryptography

Mathematics of Cryptography

and Other Fun Stuff James L. Massey

Introduction to Cryptography. Lecture 6

Discrete mathematics I - Number theory

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Biomedical Security. Some Security News 9/17/2018. Erwin M. Bakker. Blockchains are not safe for voting (slashdot.org) : From: paragonie.

THE RSA CRYPTOSYSTEM

An Introduction to Probabilistic Encryption

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

RSA RSA public key cryptosystem

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

basics of security/cryptography

OWO Lecture: Modular Arithmetic with Algorithmic Applications

ENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange

The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

The RSA cryptosystem and primality tests

ECE 646 Lecture 9. RSA: Genesis, operation & security

Notes 10: Public-key cryptography

Private Key Cryptography. Fermat s Little Theorem. One Time Pads. Public Key Cryptography

Introduction to Modern Cryptography. Lecture RSA Public Key CryptoSystem 2. One way Trapdoor Functions

ECE596C: Handout #11

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Other Public-Key Cryptosystems

8.1 Principles of Public-Key Cryptosystems

Introduction to Elliptic Curve Cryptography. Anupam Datta

Introduction to Public-Key Cryptosystems:

Lecture 17 - Diffie-Hellman key exchange, pairing, Identity-Based Encryption and Forward Security

Discrete Logarithm Problem

Innovation and Cryptoventures. Cryptography 101. Campbell R. Harvey. Duke University, NBER and Investment Strategy Advisor, Man Group, plc

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Simple Math: Cryptography

Powers in Modular Arithmetic, and RSA Public Key Cryptography

Number Theory. Modular Arithmetic

Other Public-Key Cryptosystems

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

Lecture 14: Hardness Assumptions

Introduction to Cybersecurity Cryptography (Part 4)

Introduction to Cybersecurity Cryptography (Part 5)

Ma/CS 6a Class 3: The RSA Algorithm

8 Elliptic Curve Cryptography

Mathematics of Public Key Cryptography

Lecture V : Public Key Cryptography

Eindhoven University of Technology MASTER. Kleptography cryptography with backdoors. Antheunisse, M. Award date: 2015

Introduction to Cybersecurity Cryptography (Part 4)

CS March 17, 2009

Math 412: Number Theory Lecture 13 Applications of

Number theory (Chapter 4)

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Biomedical Security. Overview 9/15/2017. Erwin M. Bakker

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

Cryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages

Math.3336: Discrete Mathematics. Mathematical Induction

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Transcription:

My brief introduction to cryptography David Thomson dthomson@math.carleton.ca Carleton University September 7, 2013 introduction to cryptography September 7, 2013 1 / 28

Outline 1 The general framework 2 Historical ciphers Pre-20th century World War I 3 Modern block ciphers DES/AES 4 A little number theory Mathematics!!! Hard problems 5 Intro to public-key Diffie-Hellman(-Merkle) RSA 6 Conclusions introduction to cryptography September 7, 2013 2 / 28

A simple game Alice and Bob want to exchange information without Eve finding out the message. introduction to cryptography September 7, 2013 3 / 28

Some assumptions Encryption and Decryption should be easy for Alice and Bob but should be impossible for Eve. A common theme that we will find is that security and practicality are almost always trade-offs. The inherent assumption is that the opponent will discover the nature of the system. In other words the inner workings of the cryptosystem is public. The only secret is the shared key. introduction to cryptography September 7, 2013 4 / 28

A pretty picture introduction to cryptography September 7, 2013 5 / 28

Greek transposition cipher A long strip of paper was wrapped around a staff and the message written. When unwrapped, it appears as a random jumble of letters. introduction to cryptography September 7, 2013 6 / 28

Greek transposition cipher A long strip of paper was wrapped around a staff and the message written. When unwrapped, it appears as a random jumble of letters. The diameter of the staff is the secret key introduction to cryptography September 7, 2013 6 / 28

Caesar cipher Introduced by Julius Caesar. Shift letters 3 to the right (mod 26): A D, B E,, X A, Y B, Z C. Example. Decode PDWK UXOHV! introduction to cryptography September 7, 2013 7 / 28

Some other examples Substitution ciphers. Any permutation of letters. Easy to break by simple frequency analysis. Leonardo da Vinci. Trained himself to write in mirror-image. Simple to read but mirrors were expensive. introduction to cryptography September 7, 2013 8 / 28

What s the problem? introduction to cryptography September 7, 2013 9 / 28

Product cipher: ADFGVX Cipher created by the Germans in World War I. 26 letters and 10 numbers can be expressed as a 6 6 grid. introduction to cryptography September 7, 2013 10 / 28

Product cipher: ADFGVX Cipher created by the Germans in World War I. 26 letters and 10 numbers can be expressed as a 6 6 grid. A D F G V X A K Z W R I F D 9 B 6 C L 5 F Q 7 5 P G X G E V Y 3 A N V 8 0 D H O 2 X U 4 1 S T M Grid is public knowledge! Secret key is a word with no repeated letters. Our secret key is DANIEL. introduction to cryptography September 7, 2013 10 / 28

Product cipher: ADFGVX Cipher created by the Germans in World War I. 26 letters and 10 numbers can be expressed as a 6 6 grid. A D F G V X A K Z W R I F D 9 B 6 C L 5 F Q 7 5 P G X G E V Y 3 A N V 8 0 D H O 2 X U 4 1 S T M Grid is public knowledge! Secret key is a word with no repeated letters. Our secret key is DANIEL. Two-step process: Encode the word, then shuffle. introduction to cryptography September 7, 2013 10 / 28

ADFGVX cont d A D F G V X A K Z W R I F D 9 B 6 C L 5 F Q 7 5 P G X G E V Y 3 A N V 8 0 D H O 2 X U 4 1 S T M Let s encode the word: HELLOS Each letter encoded by row-column index avid Thomson dthomson@math.carleton.ca (Carleton My briefuniversity) introduction to cryptography September 7, 2013 11 / 28

ADFGVX cont d A D F G V X A K Z W R I F D 9 B 6 C L 5 F Q 7 5 P G X G E V Y 3 A N V 8 0 D H O 2 X U 4 1 S T M Let s encode the word: HELLOS Each letter encoded by row-column index VG GA DV DV VV XG introduction to cryptography September 7, 2013 11 / 28

ADFGVX cont d: Retrieving the ciphertext Encoded message: VG GA DV DV VV XG Number the letters of the secret key lexicographically. In the rows beneath, write out the encoded message, wrapping at the end of the row. D A N I E L avid Thomson dthomson@math.carleton.ca (Carleton My briefuniversity) introduction to cryptography September 7, 2013 12 / 28

ADFGVX cont d: Retrieving the ciphertext Encoded message: VG GA DV DV VV XG Number the letters of the secret key lexicographically. In the rows beneath, write out the encoded message, wrapping at the end of the row. D A N I E L 2 1 6 4 3 5 avid Thomson dthomson@math.carleton.ca (Carleton My briefuniversity) introduction to cryptography September 7, 2013 12 / 28

ADFGVX cont d: Retrieving the ciphertext Encoded message: VG GA DV DV VV XG Number the letters of the secret key lexicographically. In the rows beneath, write out the encoded message, wrapping at the end of the row. D A N I E L 2 1 6 4 3 5 V G G A D V D V V V X G avid Thomson dthomson@math.carleton.ca (Carleton My briefuniversity) introduction to cryptography September 7, 2013 12 / 28

ADFGVX cont d: Retrieving the ciphertext Encoded message: VG GA DV DV VV XG Number the letters of the secret key lexicographically. In the rows beneath, write out the encoded message, wrapping at the end of the row. D A N I E L 2 1 6 4 3 5 V G G A D V D V V V X G The ciphertext is given by reading down the columns in numerical order: avid Thomson dthomson@math.carleton.ca (Carleton My briefuniversity) introduction to cryptography September 7, 2013 12 / 28

ADFGVX cont d: Retrieving the ciphertext Encoded message: VG GA DV DV VV XG Number the letters of the secret key lexicographically. In the rows beneath, write out the encoded message, wrapping at the end of the row. D A N I E L 2 1 6 4 3 5 V G G A D V D V V V X G The ciphertext is given by reading down the columns in numerical order: Ciphertext: GV VD DX AV VG GV avid Thomson dthomson@math.carleton.ca (Carleton My briefuniversity) introduction to cryptography September 7, 2013 12 / 28

Data Encryption Standard DES is the first commercial-grade modern algorithm for cryptography. DES is a block cipher that combines permutations and substitutions Introduced in the mid-1970s by IBM. The United States National Security Agency tweaked the original DES design (S-boxes) to make it more secure. DES is now considered to be insecure, owing largely to a key size of only 56 bits. (Wikipedia) distributed.net collaborated to publicly break a DES key in 22 hours and 15 minutes. This can be done on a home computer (sitting in the corner for a long time), today. introduction to cryptography September 7, 2013 13 / 28

More DES We sent the S-boxes off to Washington. They came back and were all different. I don t want to cite Wikipedia twice in 2 slides but they really have a good read on the history (with citations!!) of DES and the NSA. rams: Key-size of 56 bits and block size of 64 bits. Breaks the block into half-blocks, and the key into subkeys. Runs each half-block and sub-key through 16 rounds of the following system. introduction to cryptography September 7, 2013 14 / 28

introduction to cryptography September 7, 2013 15 / 28

Greatest common divisors If p and q are two integers, we call the greatest common divisor d = gcd(p, q) the greatest integer such that d divides p and d divides q. If d = 1 we call p and q relatively prime. By the Extended Euclidean Algorithm we can compute integers a and b such that d = ap + bq. introduction to cryptography September 7, 2013 16 / 28

Just a little theorem Definition. Let G be a group and let G = n, we call n the order of G. Theorem. (Lagrange - mid 18th century) Suppose a G, then a n = 1 G. Theorem. (Euler - early-mid 18th century) Suppose a is an integer relatively prime to n. Then a φ(n) 1 (mod n). Fermat s Little Theorem - early 17th century. If p is a prime number then for any integer a we have a p a (mod p). introduction to cryptography September 7, 2013 17 / 28

What remains in China... Chinese Remainder Theorem. Suppose n 1, n 2,..., n k are positive integers with gcd(n i, n j ) = 1, 1 i < j k. For any given a 1, a 2,..., a k there exists an integer x such that x a 1 (mod n 1 ) x a 2 (mod n 2 ) x a k (mod n k ) and all such solutions x are congruent (mod n 1 n 2 n k ). Thus x y (mod n i ) for all 1 i k if and only if x y (mod n 1 n 2 n k ). introduction to cryptography September 7, 2013 18 / 28

Finite fields Let p be a prime, then Z p, the set of integers (mod p) forms a field with respect to addition and multiplication (mod p). If F is a finite field, then F has order q = p n and we can view F as the vector space Z n p. So, we can model binary words of length n in the vector space Z n 2... introduction to cryptography September 7, 2013 19 / 28

Hard problems - Integer factorization The integer factorization problem is: given an integer n, determine its prime factorization, i.e., write n = p e 1 1 pe k k where the p i are distinct primes and e i > 1. Much harder than primality testing! The AKS primality test shows that primality testing is in P. Algorithms split into general purpose (for all types of integers) and special purpose (for integers of prescribed form). The best general-purpose factoring algorithm is the number field sieve developed by Lenstra and Lenstra in the early 90s. Number field sieve runs in sub-exponential time ( O(n 1/3 log(n) 2/3 )). introduction to cryptography September 7, 2013 20 / 28

Easy problems - Continuous logarithms Given y R, it is easy to find x such that y = e x (i.e., x = ln(y)). When x < 1, log (1/(1 x)) = 1 + x + x 2 /2 + x 3 /3 +. The logarithm of a real number is simple to compute. introduction to cryptography September 7, 2013 21 / 28

Hard problems - Discrete logarithms Problem. In a cyclic group G with generator g, if y is an element of G, find x such that y = g x. The integer 1 x q 1 is the discrete logarithm of y, denoted DLOG g (y). The discrete logarithm follows the same arithmetic rules as the continuous, can be implemented in any finite cyclic group, commonly taken to be the multiplicative group of a finite field avid Thomson dthomson@math.carleton.ca (Carleton My briefuniversity) introduction to cryptography September 7, 2013 22 / 28

Hard problems - Discrete logarithms Problem. In a cyclic group G with generator g, if y is an element of G, find x such that y = g x. The integer 1 x q 1 is the discrete logarithm of y, denoted DLOG g (y). The discrete logarithm follows the same arithmetic rules as the continuous, can be implemented in any finite cyclic group, commonly taken to be the multiplicative group of a finite field quantum computers reduce the run time of calculating the discrete logarithm (polynomial time somewhat greater than O(log(N) 3 ). avid Thomson dthomson@math.carleton.ca (Carleton My briefuniversity) introduction to cryptography September 7, 2013 22 / 28

Diffie Hellman Key Exchange Protocol Diffie-Hellman is not a cryptosystem!!! Diffie-Hellman is a key-exchange protocol. Developed in 1976 by researchers at Stanford. Paper was written by Diffie and Hellman, but the concept was developed by Merkle. Based on the difficulty of the discrete-logarithm problem. Controversy!!! avid Thomson dthomson@math.carleton.ca (Carleton My briefuniversity) introduction to cryptography September 7, 2013 23 / 28

Diffie Hellman Key Exchange Protocol Diffie-Hellman is not a cryptosystem!!! Diffie-Hellman is a key-exchange protocol. Developed in 1976 by researchers at Stanford. Paper was written by Diffie and Hellman, but the concept was developed by Merkle. Based on the difficulty of the discrete-logarithm problem. Controversy!!! The British services took credit for developing key-exchange in 1972. This was not made public until 1997. Who do you think is actually the founder? avid Thomson dthomson@math.carleton.ca (Carleton My briefuniversity) introduction to cryptography September 7, 2013 23 / 28

Diffie-Hellman: The mystery explained Public information: a prime power q and a generator g such that F q =< g >. Alice Secret key a Compute g a Receive g b Bob Secret key b Compute g b Receive g a avid Thomson dthomson@math.carleton.ca (Carleton My briefuniversity) introduction to cryptography September 7, 2013 24 / 28

Diffie-Hellman: The mystery explained Public information: a prime power q and a generator g such that F q =< g >. Alice Secret key a Compute g a Receive g b Compute (g b ) a Bob Secret key b Compute g b Receive g a Compute (g a ) b Public key is g ab introduction to cryptography September 7, 2013 24 / 28

What is RSA?? Reference: Handbook of Applied Cryptography by Menezes, van Oorschot and Vanstone, U of Waterloo, http://www.cacr.math.uwaterloo.ca/hac/ RSA stands for Rivest, Shamir and Adleman, originally submitted as a patent. Security of RSA is based on the difficulty of integer factorization. Can also be used for digital signatures (but that s another talk). introduction to cryptography September 7, 2013 25 / 28

RSA Key Generation 1 Pick two large primes p and q, roughly the same size, at random. 2 Compute n = pq and φ = (p 1)(q 1). 3 Select a random integer e such that gcd(e, φ) = 1. 4 Use Extended Euclidean Algorithm to find d, 1 < d < φ such that ed 1 (mod φ). 5 The public key is the pair (n, e); the secret key is d. introduction to cryptography September 7, 2013 26 / 28

RSA Encryption/Decryption crypt Bob does the following: 1 Receive the public key (n, e) from Alice. 2 Represent the message m in the interval [0, n 1]. 3 Compute c = m e (mod n). 4 Send c to Alice. crypt Alice does: 1 Compute m = c d (mod n). introduction to cryptography September 7, 2013 27 / 28

Some concluding remarks Public-key cryptography depends on being able to solve a hard problem in reasonable time. RSA depends on the hardness of integer factorization, where elliptic curve cryptography depends on finding the order of a point on an elliptic curve over a finite field. 1024-bit RSA keys have similar security to 320-bit elliptic curve keys. Your bank probably uses 1024-bit RSA. Lenstra et al. in 2007 factored a 1039-bit number. avid Thomson dthomson@math.carleton.ca (Carleton My briefuniversity) introduction to cryptography September 7, 2013 28 / 28

Some concluding remarks Public-key cryptography depends on being able to solve a hard problem in reasonable time. RSA depends on the hardness of integer factorization, where elliptic curve cryptography depends on finding the order of a point on an elliptic curve over a finite field. 1024-bit RSA keys have similar security to 320-bit elliptic curve keys. Your bank probably uses 1024-bit RSA. Lenstra et al. in 2007 factored a 1039-bit number. Factoring an RSA 768-bit number takes approximately 2000 years of computing power. avid Thomson dthomson@math.carleton.ca (Carleton My briefuniversity) introduction to cryptography September 7, 2013 28 / 28

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback