DM49-2. Obligatoriske Opgave

Similar documents
The security of RSA (part 1) The security of RSA (part 1)

Lecture 1: Introduction to Public key cryptography

Practice Assignment 2 Discussion 24/02/ /02/2018

Cryptography. pieces from work by Gordon Royle

Discrete Mathematics GCD, LCM, RSA Algorithm

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION

Chapter 8 Public-key Cryptography and Digital Signatures

Lecture 22: RSA Encryption. RSA Encryption

Public Key Cryptography

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Public-Key Cryptosystems CHAPTER 4

CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.

Number theory (Chapter 4)

COMP4109 : Applied Cryptography

basics of security/cryptography

Implementation Tutorial on RSA

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Math 430 Midterm II Review Packet Spring 2018 SOLUTIONS TO PRACTICE PROBLEMS

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

MATH 158 FINAL EXAM 20 DECEMBER 2016

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Week 7 An Application to Cryptography

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

CPSC 467b: Cryptography and Computer Security

Exam Security January 19, :30 11:30

Cryptography. P. Danziger. Transmit...Bob...

Homework 4 for Modular Arithmetic: The RSA Cipher

Cryptography IV: Asymmetric Ciphers

Public Key Encryption

Mathematics of Cryptography

Lecture Notes, Week 6

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

RSA RSA public key cryptosystem

Public Key Cryptography

Introduction to Public-Key Cryptosystems:

Introduction to Modern Cryptography. Benny Chor

Introduction. What is RSA. A Guide To RSA by Robert Yates. Topics

University of Regina Department of Mathematics & Statistics Final Examination (April 21, 2009)

Asymmetric Cryptography

Chapter 4 Asymmetric Cryptography

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

CPSC 467: Cryptography and Computer Security

10 Public Key Cryptography : RSA

CPSC 467b: Cryptography and Computer Security

Cryptography. Course 1: Remainder: RSA. Jean-Sébastien Coron. September 21, Université du Luxembourg

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

Elementary Number Theory MARUCO. Summer, 2018

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

CRYPTOGRAPHY AND NUMBER THEORY

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Ma/CS 6a Class 3: The RSA Algorithm

CPSC 467b: Cryptography and Computer Security

Cryptography and Secure Communication Protocols

Iterated Encryption and Wiener s attack on RSA

CPSC 467b: Cryptography and Computer Security

Algorithmic Number Theory and Public-key Cryptography

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Mathematical Foundations of Public-Key Cryptography

Attacks on RSA & Using Asymmetric Crypto

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Introduction to Modern Cryptography. Benny Chor

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction

RSA Algorithm. Factoring, EulerPhi, Breaking RSA. Çetin Kaya Koç Spring / 14

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

RSA-256bit 數位電路實驗 TA: 吳柏辰. Author: Trumen

Number Theory & Modern Cryptography

NET 311D INFORMATION SECURITY

RSA. Ramki Thurimella

Solution to Midterm Examination

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

Math Circles Cryptography

5199/IOC5063 Theory of Cryptology, 2014 Fall

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Chapter 11 : Private-Key Encryption

ECE 646 Lecture 5. Mathematical Background: Modular Arithmetic

Introduction to Cybersecurity Cryptography (Part 5)

CHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 11 April 2017, 8:30-12:30

Univ.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.

ENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange

Number theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29

Written examination. Tuesday, August 18, 2015, 08:30 a.m.

Asymmetric Encryption

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

ECE 646 Lecture 5. Motivation: Mathematical Background: Modular Arithmetic. Public-key ciphers. RSA keys. RSA as a trap-door one-way function

Solution to Problem Set 3

ASYMMETRIC ENCRYPTION

Solutions to the Mathematics Masters Examination

dit-upm RSA Cybersecurity Cryptography

University of Tokyo: Advanced Algorithms Summer Lecture 6 27 May. Let s keep in mind definitions from the previous lecture:

CPSC 467: Cryptography and Computer Security

19. Coding for Secrecy

NUMBER THEORY FOR CRYPTOGRAPHY

Solving Systems of Modular Equations in One Variable: How Many RSA-Encrypted Messages Does Eve Need to Know?

A new security notion for asymmetric encryption Draft #12

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

Transcription:

DM49-2. Obligatoriske Opgave Jacob Christiansen, moffe42, 130282 Thomas Nordahl Pedersen, nordahl, 270282 1/4-05

Indhold 1 Opgave 1 - Public Exponent 2 1.1 a.................................. 2 1.2 b.................................. 2 1.3 c.................................. 3 2 Opgave 2 - Block size 4 2.1 a.................................. 4 2.2 b.................................. 4 3 Opgave 3 - Primitive Element 5 4 Opgave 4 - Common Factor 6 5 Opgave 5 - Common modulus Protocol failure 7 5.1 a.................................. 7 5.2 b.................................. 8 A Source Code 9 A.1 inverse.java............................ 9 1

1 Opgave 1 - Public Exponent With RSA, there are often recommendations to use a public exponent e = 3. 1.1 a What would the advantage to this be? If the public exponent i chosen to be 3, then it is quite easy and fast to calculate the private exponent. Page 170 states that the running time for calculating the inverse, is k 3 where k is the number of bits. Since 3 only uses 2 bits the calculation is quite fast. 1.2 b If e = 3, the two prime factors dividing the modulus, p and q, must be such that p q 2 (mod 3). Why is it impossible to have one or both of p and q congruent to 0 or 1 modulo 3? p q φ(n) = (p 1)(q 1) gdc(φ(n), 3) 0 0 (3r 1)(3s 1) = 3(3rs + r + s) + 1 1 0 1 (3r 1)(3s) = 3(3rs + s) 3 0 2 (3r 1)(3s + 1) = 3(3rs + r s 1) + 2 1 1 1 (3r)(3s) = 3(3rs) 3 1 2 (3r)(3s + 1) = 3(3rs + r) 3 2 2 (3r + 1)(3s + 1) = 3(3rs + r + s) + 1 1 It is a requirement that the gcd(φ(n), 3) = 1, because otherwise the decryption exponent can not be found. If p 0 (mod 3) and/or q 0 (mod 3) then the one or both primes are divisible by 3, and the only way this can be true is if the two primes are both 3, which is not good, because the two primes has to be large. In the case where p and q are both congruent to 1(zero) modulo 3, the gcd is 3, which means that the inverse modulo φ(n) can not be found. If one of the factors is congruent to 1 and the other is congruent to 2 (mod 3), the gcd is also 3. And again the inverse can not be found. If both the factors are congruent to 2 (mod 3), the gcd is 1 and the inverse can be found. 2

So a decryption exponent can only be found if the primes are congruent to 2 (mod 3) or one or both are equal to 3, which would make the system insecure. 1.3 c Suppose that e = 3, p = 3r + 2 and q = 3s + 2. What would the decryption exponent d be? The easiest way to calculate the exponent is to use algorithm 5.3 i the textbook, which calculate the multiplicative inverse. We used the algorithm by hand to calculate 3 1 (mod φ(n)) and got the following: φ(n) = 3(3rs + r + s) + 1. We use x = 3rs + r + s for convenience. a 0 = 3x + 1, b 0 = 3, q = x, r = 1, t 0 = 0, t = 1 temp = x(mod3x + 1) = 2x + 1, t 0 = 1, t = 2x + 1, a 0 = 3, b 0 = 1, q = 3, r = 0 Then the algorithm returns the inverse (the decryption exponent): t = 2x + 1 = 2(3rs + r + s) + 1 3

2 Opgave 2 - Block size Suppose that user A wants to send a message sɛ{s 1, s 2,..., s k } to user B, where s i < 1024 for 1 i k. Assume that RSA is secure (when the modulus is large enough and is the product of two equal length prime factors). 2.1 a Why would you still advise user A not to use RSA directly? Say that someone (Oscar) intercepts the encrypted message y i = s e i. If O finds out that s i is less than 1024, he can find s i by encrypting all values between 0 and 1023 and comparing them to the value y i. This can be done in O(1024 log(e) 10 2 ) = O(log(e)) time. 2.2 b What would you recommend instead, if you still wanted to use RSA? The blocks encrypted and send to user B should be as large as possible. The system would be more secure if the blocks {s 1, s 2,..., s k } where concatenated into as large blocks as possible before encrypted. If user A wishes to use RSA and only send the small blocks one at a time, this can be done by chosing random bits put in front or behind the block when encrypted, assuming that user B knows which bits are to be used. 4

3 Opgave 3 - Primitive Element Find a primitive element (generator) in the multiplicative group modulo 103(Z 103 ) and show that it is a primitive element. We use theorem 5.8 to find a primitive element. 103-1 is easily divided into prime factors. 103 1 = 102 = 2 3 17 We first try 2 as the primitve element, but in the first try it is seen t- hat 2 is not a primitive element. 3 is also ruled out after the second try. We then skip forward to 5 and see that 5 holds for all the prime factors of 102. So 5 is a primitive element in the multiplicative group modulo 103. 2 102 3 102 3 102 5 102 5 102 5 102 2 = 2 51 1 (mod 103) 2 = 3 51 102 (mod 103) 3 = 3 34 1 (mod 103) 2 = 5 51 102 (mod 103) 3 = 5 34 56 (mod 103) 17 = 5 6 72 (mod 103) 5

4 Opgave 4 - Common Factor Suppose we have a set of blocks encoded with the RSA algorithm and we do not have the private key. Assume (n = pq, e) is the public key. Suppose also that someone tells us they know one of the plaintext blocks has a common factor with n. Does this help us find the plaintext used to produce these blocks? If so, how? If not, why not? The fact that one of the blocks have a common factor with n gives us that n and the block has a common divisor. Then we can assume that if the gcd of n and a block is larger than 1, then the gcd is also a factor of n. This means that we can factor n in the time it takes to find the gcd of n and each of the blocks. If n is a number represented by 1024 bits, then the gcd of n and a block can be found in O(1024 2 ) (page 169). So the decryption exponent can easily be computed and the plaintext found. 6

5 Opgave 5 - Common modulus Protocol failure In this exercise we are to illustrate the common modulus protocol failure. If the same plainhtext are to be send to two different recipients who both uses RSA encryption with the same n, but different e and gcd(e 1, e 2 ) = 1, then it is posible to decode the message. The opponent has to recive both ciphertexts. If he is able to do that, then he can use algorithm 5.16 p. 223 i the textbook to decipher and thereby read the plaintext. 5.1 a Prove that the value x 1 computed in Algorithm 5.16 is in fact Alice s plaintext, x 2. We have to prove that: x 2 = y C 1 1 (yc 2 2 ) 1 (mod n) Prof: y C 1 1 (x b 1 1 ) C 1 x b 1C 1 1 (mod n) y C 2 2 (x b 2 1 ) C 2 x b 2C 2 1 (mod n) (y C 2 2 ) 1 ((x b 2 1 ) C 2 ) 1 x b 2C 2 1 (mod n) x 2 = y C 1 1 (yc 2 2 ) 1 x b 1C 1 1 x b 2C 2 1 x b 1C 1 b 2 C 2 1 (mod n) b 1 C 1 1 (mod b 2 ) b 2 C 2 = C 1 b 1 1 = 0 b 1 C 1 b 2 C 2 = 1 x 2 = x b 1C 1 b 2 C 2 1 x 1 1 (mod n) = x 1 7

5.2 b Illustrate the attack by computing x by method if: n = 18721, b 1 = 43, b 2 = 7717, y 1 = 12677, y 2 = 14702 b 1 1 (mod b 2 ) is calculated by the program Invers, listed in appendix A. C 1 = b 1 1 (mod b 2 ) = 2692 C 2 = (2692 43 1)/7717 = 15 x 1 = 12677 2692 (14702 15 ) 1 (mod 18721) = 15001 8

A Source Code A.1 inverse.java The program is implemented using Algorithm 5.3 public class inverse { public static void main( String[] args ) { int a = Integer.parseInt(args[0]); int a0 = Integer.parseInt(args[0]); int b0 = Integer.parseInt(args[1]); int t0 = 0; int t = 1; int q = a0/b0; int r = a0 - q*b0; int temp; } } while( r>0 ) { temp = (t0 - q*t) % a; t0 = t; t = temp; a0 = b0; b0 = r; q = a0/b0; r = a0 - q*b0; } if( r!=0 ) System.out.println("No inverse."); else System.out.println("Invers is: " + t); 9

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback