Hans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009. References. References

Similar documents
CRYPTOGRAPHY AND NUMBER THEORY

Introduction to Cybersecurity Cryptography (Part 4)

Introduction to Cybersecurity Cryptography (Part 4)

Mathematical Foundations of Public-Key Cryptography

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Public Key Cryptography

CIS 551 / TCOM 401 Computer and Network Security

Lecture 1: Introduction to Public key cryptography

Cryptography IV: Asymmetric Ciphers

Chapter 8 Public-key Cryptography and Digital Signatures

Asymmetric Encryption

Topics in Cryptography. Lecture 5: Basic Number Theory

CPSC 467b: Cryptography and Computer Security

Public Key Cryptography

An Introduction to Probabilistic Encryption

Introduction to Cryptography. Lecture 8

Chapter 4 Asymmetric Cryptography

Asymmetric Cryptography

Mathematics of Cryptography

Introduction to Cryptography. Lecture 6

Public-Key Cryptosystems CHAPTER 4

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

ECE596C: Handout #11

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

CHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 11 April 2017, 8:30-12:30

Lecture Notes, Week 6

A. Algebra and Number Theory

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

1 Number Theory Basics

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

ECE 646 Lecture 9. RSA: Genesis, operation & security

Eindhoven University of Technology MASTER. Kleptography cryptography with backdoors. Antheunisse, M. Award date: 2015

Candidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.

Discrete mathematics I - Number theory

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

CSc 466/566. Computer Security. 5 : Cryptography Basics

2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Cryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

Number theory (Chapter 4)

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Week 7 An Application to Cryptography

10 Public Key Cryptography : RSA

My brief introduction to cryptography

Public Key Cryptography

Solution to Midterm Examination

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

MATH3302 Cryptography Problem Set 2

Number Theory & Modern Cryptography

Biomedical Security. Some Security News 9/17/2018. Erwin M. Bakker. Blockchains are not safe for voting (slashdot.org) : From: paragonie.

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30

Introduction to Cryptography k. Lecture 5. Benny Pinkas k. Requirements. Data Integrity, Message Authentication

Carmen s Core Concepts (Math 135)

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

AN INTRODUCTION TO THE UNDERLYING COMPUTATIONAL PROBLEM OF THE ELGAMAL CRYPTOSYSTEM

Leftovers from Lecture 3

The RSA cryptosystem and primality tests

Public Key Encryption

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Fundamentals of Modern Cryptography

Classical Cryptography

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

RSA RSA public key cryptosystem

An Introduction to Cryptography

All-Or-Nothing Transforms Using Quasigroups

Family of PRGs based on Collections of Arithmetic Progressions

CPSC 467: Cryptography and Computer Security

Cryptography. P. Danziger. Transmit...Bob...

TECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 30 October 2018

New Variant of ElGamal Signature Scheme

Cryptography and Number Theory

Network Security Based on Quantum Cryptography Multi-qubit Hadamard Matrices

8.1 Principles of Public-Key Cryptosystems

CS483 Design and Analysis of Algorithms

and Other Fun Stuff James L. Massey

EXAM IN. TDA352 (Chalmers) - DIT250 (GU) 18 January 2019, 08:

Biomedical Security. Overview 9/15/2017. Erwin M. Bakker

Introduction to Cybersecurity Cryptography (Part 5)

Math.3336: Discrete Mathematics. Mathematical Induction

Question: Total Points: Score:

Numbers. Çetin Kaya Koç Winter / 18

Notes for Lecture 17

Lecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography

Discrete Mathematics GCD, LCM, RSA Algorithm

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Number Theory and Algebra: A Brief Introduction

Introduction to Public-Key Cryptosystems:

Elliptic curves: Theory and Applications. Day 4: The discrete logarithm problem.

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

Great Theoretical Ideas in Computer Science

Number Theory and Group Theoryfor Public-Key Cryptography

10 Modular Arithmetic and Cryptography

Practice Assignment 2 Discussion 24/02/ /02/2018

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography

Elementary Number Theory MARUCO. Summer, 2018

Transcription:

Hans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009 Die Unterlagen sind ausschliesslich zum persoenlichen Gebrauch der Vorlesungshoerer bestimmt. Die Herstellung von elektronischen und konventionellen Kopien oder eine andere Verwendung sind nicht gestattet. References Lehrbuch zur Vorlesung [DelKne07] H. Delfs, H. Knebl: Introduction to Cryptography - Principles and Applications. 2nd edition. Berlin, Heidelberg, New York: Springer-Verlag, 2002. Chapters 1 3,4.1, pp. 1 91; Appendix A, pp. 289 310. Further References 7 Further References 8 References Weitere Lehrbuecher: [Buchmann2000] J.A. Buchmann: Introduction to Cryptography. Berlin, Heidelberg, New York: Springer-Verlag, 2000. [DaeRij02] J. Daemen, V. Rijmen: The Design of Rijndael - AES - The Advanced Encryption Standard. Berlin, Heidelberg, New York: Springer-Verlag, 2002. [MenOorVan96] A. Menezes, P.C. van Oorschot, S.A. Vanstone: Handbook of Applied Cryptography. Boca Raton, New York, London, Tokyo: CRC-Press, 1996. [Schwenk05] J. Schwenk: Sicherheit im Internet. 2. Auflage, Vieweg, 2005. [Stallings03] W. Stallings: Cryptography and Network Security - Principles and Practices. Prentice Hall, 2003. [Stinson95] D.R. Stinson: Cryptography - Theory and Practice. Boca Raton, New York, London, Tokyo: CRC-Press, 1995.

INTRODUCTION 2 INTRODUCTION 3 Encryption and Secrecy The fundamental and classical task of cryptography is to provide confidentiality by encryption methods. The message to be transmitted it can be some text, numerical data, an executable program or any other kind of information is called the plaintext. Alice encrypts the plaintext m and obtains the ciphertext c. The ciphertext c is transmitted to Bob. Bob turns the ciphertext back into the plaintext by decryption. To decrypt, Bob needs some secret information, a secret decryption key. Every encryption method provides an encryption algorithm E and a decryption algorithm D. In classical encryption schemes, both algorithms depend on the same secret key k. This key k is used for both encryption and decryption. These encryption methods are therefore called symmetric. For example, in Caesar s cipher the secret key is the offset 3 of the shift. We have D(k, E(k, m)) = m for each plaintext m. INTRODUCTION 4 INTRODUCTION 5 In 1976, W. Diffie and M.E. Hellman published their famous paper, New Directions in Cryptography. There they introduced the revolutionary concept of public-key cryptography. They provided a solution to the long standing problem of key exchange and pointed the way to digital signatures. The public-key encryption methods are asymmetric. Each recipient of messages has his personal key k =(pk, sk), consisting of two parts: pk is the encryption key and is made public, sk is the decryption key and is kept secret. If Alice wants to send a message m to Bob, she encrypts m by use of Bob s publicly known encryption key pk. Bob decrypts the ciphertext by use of his decryption key sk, which is known only to him. We have The Objectives of Cryptography Providing confidentiality is not the only objective of cryptography. Cryptography is also used to provide solutions for other problems: 1. Data integrity. 2. Authentication. 3. Non-repudiation. D(sk, E(pk, m)) = m.

INTRODUCTION 6 INTRODUCTION 7 There are symmetric as well as public-key methods to ensure the integrity of messages. Classical symmetric methods require a secret key k that is shared by sender and receiver. The message m is augmented by a message authentication code (MAC). The code is generated by an algorithm and depends on the secret key. The augmented message (m, MAC (k, m)) is protected against modifications. The receiver may test the integrity of an incoming message (m, m) by checking whether MAC (k, m) =m. Message authentication codes may be implemented by keyed hash functions. Digital signatures require public-key methods. As with classical handwritten signatures, they are intended to provide authentication and non-repudiation. If Alice wants to sign the message m, she applies the algorithm Sign with her secret key sk and gets the signature Sign(sk, m). Bob receives a signature s for message m, and may then check the signature by testing whether with Alice s public key pk. Verify(pk,s,m)=ok, SYMMETRIC ENCRYPTION 14 SYMMETRIC ENCRYPTION 15 Definition 1. A symmetric-key encryption scheme consists of a map such that for each k K, the map E : K M C, Symmetric-Key Encryption E k : M C, m E(k, m) is invertible. The inverse function D k := E 1 k is called the decryption function. It is assumed that efficient algorithms to compute E k and D k exist. The key k is shared between the communication partners and kept secret. A basic security requirement for the encryption map E is that without knowing the key k, it should be impossible to successfully execute the decryption function D k. Important examples of symmetric-key encryption schemes Vernam s one-time pad, DES and AES are given below.

SYMMETRIC ENCRYPTION 16 SYMMETRIC ENCRYPTION 17 Stream Ciphers Definition 2. Let K be a set of keys and M be a set of plaintexts. In this context, the elements of M are called characters. A stream cipher E : K M C,E (k, m) :=c := c 1 c 2 c 3... encrypts a stream m := m 1 m 2 m 3... M of plaintext characters m i M as a stream c := c 1 c 2 c 3... C of ciphertext characters c i C by using a key stream k := k 1 k 2 k 3... K,k i K. The plaintext stream m = m 1 m 2 m 3... is encrypted character by character. For this purpose, there is an encryption map E : K M C, which encrypts the single plaintext characters m i with the corresponding key character k i : c i = E ki (m i )=E(k i,m i ),i=1, 2,... Typically, the characters in M and C and the key elements in K are binary digits or bytes. SYMMETRIC ENCRYPTION 18 SYMMETRIC ENCRYPTION 19 Block Ciphers Vernam s One-Time Pad. The most famous example of a stream cipher is Vernam s one-time pad (see [Vernam19] and [Vernam26]). It is easy to describe. Plaintexts, keys and ciphertexts are bit strings. To encrypt a message m := m 1 m 2 m 3..., where m i {0, 1}, a key stream k := k 1 k 2 k 3..., with k i {0, 1}, is needed. Encryption and decryption are given by bitwise XORing with the key stream: E (k, m) :=k m and D (k, c) :=k c. Definition 3. A block cipher is a symmetric-key encryption scheme with M = C = {0, 1} n and key space K = {0, 1} r : E : {0, 1} r {0, 1} n {0, 1} n. Using a secret key k of binary length r, the encryption algorithm E encrypts plaintext blocks of a fixed binary length n and the resulting ciphertext blocks also have length n. n is called the block length of the cipher. Typical block lengths are 64 (as in DES) or 128 (as in AES), typical key lengths are 56 (as in DES) or 128, 192 and 256 (as in AES).

SYMMETRIC ENCRYPTION 43 SYMMETRIC ENCRYPTION 44 Electronic Codebook Mode In this mode, we have r = n. The electronic codebook mode is implemented by the following algorithm: Algorithm 6. bitstring ecbencrypt(bitstring m) 1 divide m into m 1...m l 2 for i 1tol do 3 c i E k (m i ). 4 return c 1...c l For decryption, the same algorithm can be used with the decryption function E 1 k in place of E k. Cipher-Block Chaining Mode In this mode, we have r = n. Encryption in the cipher-block chaining mode is implemented by the following algorithm: Algorithm 7. bitstring cbcencrypt(bitstring m) 1 select c 0 {0, 1} n at random 2 divide m into m 1...m l 3 for i 1tol do 4 c i E k (m i c i 1 ) 5 return c 0 c 1...c l ALGEBRA AND NUMBER THEORY 51 ALGEBRA AND NUMBER THEORY 52 The Euclidean Algorithm. Let a, b Z, a>b>0. The greatest common divisor gcd(a, b) can be computed by an iterated division with remainder. Let r 0 := a, r 1 := b and r 0 = q 1 r 1 + r 2, 0 <r 2 <r 1, r 1 = q 2 r 2 + r 3, 0 <r 3 <r 2,.. r k 1 = q k r k + r k+1, 0 <r k+1 <r k,. r n 2 = q n 1 r n 1 + r n, 0 <r n <r n 1, r n 1 = q n r n + r n+1, 0=r n+1. By construction, r 1 >r 2 >... Therefore, the remainder becomes 0 after a finite number of steps. The last remainder 0 is the greatest common divisor, as is shown in the next proposition. In this way, we have derived the following algorithm, called the extended Euclidean algorithm. On inputs a and b it outputs the greatest common divisor and the coefficients d and e of the linear combination gcd(a, b) =da + eb.

ALGEBRA AND NUMBER THEORY 55 ALGEBRA AND NUMBER THEORY 58 Residues The Binary Encoding of Numbers. The sequence z k 1 z k 2...z 1 z 0 of bits z i {0, 1}, 0 i k 1, is the encoding of k 1 n = z 0 + z 1 2 1 +...+ z k 2 2 k 2 + z k 1 2 k 1 = z i 2 i. i=0 In public-key cryptography, we usually have to compute with remainders modulo n. This means that the computations take place in the residue class ring Z n. Definition 15. Let n N,n 2: 1. a, b Z are congruent modulo n, written as a b mod n, if n divides a b. This means that a and b have the same remainder when divided by n: a mod n = b mod n. 2. Let a Z. [a] :={x Z x a mod n} is called the residue class of a modulo m. 3. Z n := {[a] a Z} is the set of residue classes modulo n. ALGEBRA AND NUMBER THEORY 59 ALGEBRA AND NUMBER THEORY 60 Definition 16. By defining addition and multiplication as [a]+[b] =[a + b] and [a] [b] =[a b], Z n becomes a commutative ring, with unit element [1]. It is called the residue class ring modulo n. Definition 17. Let R be a commutative ring with unit element e. An element x R is called a unit if there is an element y R with x y = e. We call y a multiplicative inverse of x. The subset of units is denoted by R. Remark. The multiplicative inverse of a unit x is uniquely determined, and we denote it by x 1. The set of units R is a subgroup of R with respect to multiplication.

ALGEBRA AND NUMBER THEORY 61 ALGEBRA AND NUMBER THEORY 62 Proposition 18. An element [x] Z n is a unit if and only if gcd(x, n) =1. The multiplicative inverse [x] 1 of a unit [x] can be computed using the extended Euclidean algorithm. Corollary 19. Let p be a prime. Then every [x] [0] in Z p is a unit. Thus, Z p is a field. ALGEBRA AND NUMBER THEORY 63 ALGEBRA AND NUMBER THEORY 64 Definition 20. The subgroup Z n := {x Z n x is a unit in Z n } of units in Z n is called the prime residue class group modulo n. Definition 21. Let M be a finite set. The number of elements in M is called the cardinality or order of M. It is denoted by M. We introduce the Euler phi function, which gives the number of units modulo n. Definition 22. ϕ : N N, n Z n is called the Euler phi function or the Euler totient function.

ALGEBRA AND NUMBER THEORY 65 ALGEBRA AND NUMBER THEORY 66 Proposition 23 (Euler). ϕ(d) =n. d n Corollary 24. Let p be a prime and k N. Then ϕ(p k )=p k 1 (p 1). Proposition 25. Let G be a finite group and e be the unit element of G. Then x G = e for all x G. Proof. By Euler s result, ϕ(1) + ϕ(p)+...+ ϕ(p k )=p k and ϕ(1) + ϕ(p)+...+ ϕ(p k 1 )=p k 1. Subtracting both equations yields ϕ(p k )=p k p k 1 = p k 1 (p 1). ALGEBRA AND NUMBER THEORY 67 ALGEBRA AND NUMBER THEORY 75 Proposition 26 (Fermat). Let p be a prime and a Z be a number that is prime to p (i.e. p does not divide a). Then a p 1 1modp. Proposition 27 (Euler). Let n N and let a Z be a number that is prime to n. Then a ϕ(n) 1modn. Primitive Roots and the Discrete Logarithm Definition 33. Let G be a finite group and let e be the unit element of G. Let x G. The smallest n N with x n = e is called the order of x. We write this as ord(x).

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback