Public Key Cryptography. Tim van der Horst & Kent Seamons

Similar documents
Last Updated: Oct 14, 2017

B. Definition of an exponential

CS 477/677 Analysis of Algorithms Fall 2007 Dr. George Bebis Course Project Due Date: 11/29/2007

NUMBERS, MATHEMATICS AND EQUATIONS

5 th Grade Goal Sheet

5 th grade Common Core Standards

Differentiation Applications 1: Related Rates

Fall 2013 Physics 172 Recitation 3 Momentum and Springs

Function notation & composite functions Factoring Dividing polynomials Remainder theorem & factor property

5 th Grade Goal Sheet

The Law of Total Probability, Bayes Rule, and Random Variables (Oh My!)

This section is primarily focused on tools to aid us in finding roots/zeros/ -intercepts of polynomials. Essentially, our focus turns to solving.

On small defining sets for some SBIBD(4t - 1, 2t - 1, t - 1)

CHAPTER 2 Algebraic Expressions and Fundamental Operations

Hiding in plain sight

MODULE 1. e x + c. [You can t separate a demominator, but you can divide a single denominator into each numerator term] a + b a(a + b)+1 = a + b

ENSC Discrete Time Systems. Project Outline. Semester

Section 5.8 Notes Page Exponential Growth and Decay Models; Newton s Law

Preparation work for A2 Mathematics [2017]

Five Whys How To Do It Better

AP Statistics Notes Unit Two: The Normal Distributions

Lifting a Lion: Using Proportions

Functions. EXPLORE \g the Inverse of ao Exponential Function

We can see from the graph above that the intersection is, i.e., [ ).

Physical Layer: Outline

ALE 21. Gibbs Free Energy. At what temperature does the spontaneity of a reaction change?

Competency Statements for Wm. E. Hay Mathematics for grades 7 through 12:

LHS Mathematics Department Honors Pre-Calculus Final Exam 2002 Answers

Medium Scale Integrated (MSI) devices [Sections 2.9 and 2.10]

COMP 551 Applied Machine Learning Lecture 11: Support Vector Machines

If (IV) is (increased, decreased, changed), then (DV) will (increase, decrease, change) because (reason based on prior research).

3. Classify the following Numbers (Counting (natural), Whole, Integers, Rational, Irrational)

[COLLEGE ALGEBRA EXAM I REVIEW TOPICS] ( u s e t h i s t o m a k e s u r e y o u a r e r e a d y )

, which yields. where z1. and z2

You need to be able to define the following terms and answer basic questions about them:

Math Foundations 10 Work Plan

MODULE ONE. This module addresses the foundational concepts and skills that support all of the Elementary Algebra academic standards.

Preparation work for A2 Mathematics [2018]

PHYS 314 HOMEWORK #3

8 th Grade Math: Pre-Algebra

Sections 15.1 to 15.12, 16.1 and 16.2 of the textbook (Robbins-Miller) cover the materials required for this topic.

CAUSAL INFERENCE. Technical Track Session I. Phillippe Leite. The World Bank

Putting Scientific Notation to Work

Rangely RE 4 Curriculum Development 5 th Grade Mathematics

Pre-Calculus Individual Test 2017 February Regional

Chapter Summary. Mathematical Induction Strong Induction Recursive Definitions Structural Induction Recursive Algorithms

Dead-beat controller design

T Algorithmic methods for data mining. Slide set 6: dimensionality reduction

Pipetting 101 Developed by BSU CityLab

Kinetic Model Completeness

NAME: Prof. Ruiz. 1. [5 points] What is the difference between simple random sampling and stratified random sampling?

Revisiting the Socrates Example

Hypothesis Tests for One Population Mean

A Few Basic Facts About Isothermal Mass Transfer in a Binary Mixture

A New Evaluation Measure. J. Joiner and L. Werner. The problems of evaluation and the needed criteria of evaluation

Name: Block: Date: Science 10: The Great Geyser Experiment A controlled experiment

The steps of the engineering design process are to:

Relationships Between Frequency, Capacitance, Inductance and Reactance.

Math 105: Review for Exam I - Solutions

Trigonometric Ratios Unit 5 Tentative TEST date

A Quick Overview of the. Framework for K 12 Science Education

The standards are taught in the following sequence.

INSTRUCTIONAL PLAN Day 2

Math Foundations 20 Work Plan

Part 3 Introduction to statistical classification techniques

Building to Transformations on Coordinate Axis Grade 5: Geometry Graph points on the coordinate plane to solve real-world and mathematical problems.

Lab 1 The Scientific Method

Finite Automata. Human-aware Robo.cs. 2017/08/22 Chapter 1.1 in Sipser

Activity Guide Loops and Random Numbers

A solution of certain Diophantine problems

GENESIS Structural Optimization for ANSYS Mechanical

Bootstrap Method > # Purpose: understand how bootstrap method works > obs=c(11.96, 5.03, 67.40, 16.07, 31.50, 7.73, 11.10, 22.38) > n=length(obs) >

WRITING THE REPORT. Organizing the report. Title Page. Table of Contents

Checking the resolved resonance region in EXFOR database

AP Physics. Summer Assignment 2012 Date. Name. F m = = + What is due the first day of school? a. T. b. = ( )( ) =

An Introduction to Complex Numbers - A Complex Solution to a Simple Problem ( If i didn t exist, it would be necessary invent me.

Assessment Primer: Writing Instructional Objectives

Physics 2B Chapter 23 Notes - Faraday s Law & Inductors Spring 2018

Maximum A Posteriori (MAP) CS 109 Lecture 22 May 16th, 2016

Emphases in Common Core Standards for Mathematical Content Kindergarten High School

IAML: Support Vector Machines

THERMAL-VACUUM VERSUS THERMAL- ATMOSPHERIC TESTS OF ELECTRONIC ASSEMBLIES

How do scientists measure trees? What is DBH?

1 The limitations of Hartree Fock approximation

Resampling Methods. Chapter 5. Chapter 5 1 / 52

Lab 11 LRC Circuits, Damped Forced Harmonic Motion

Lecture 24: Flory-Huggins Theory

A Matrix Representation of Panel Data

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

Chapters 29 and 35 Thermochemistry and Chemical Thermodynamics

MATHEMATICS SYLLABUS SECONDARY 5th YEAR

SPH3U1 Lesson 06 Kinematics

Lecture 23: Lattice Models of Materials; Modeling Polymer Solutions

Building Consensus The Art of Getting to Yes

It is compulsory to submit the assignment before filling in the exam form.

Lecture 20a. Circuit Topologies and Techniques: Opamps

Chapter One. Matter and Energy - Chemistry the study of matter and its changes the "central science" Natural Laws

Lab #3: Pendulum Period and Proportionalities

CHAPTER 24: INFERENCE IN REGRESSION. Chapter 24: Make inferences about the population from which the sample data came.

Admin. MDP Search Trees. Optimal Quantities. Reinforcement Learning

Transcription:

Public Key Cryptgraphy Tim van der Hrst & Kent Seamns Last Updated: Oct 5, 2017

Asymmetric Encryptin

Why Public Key Crypt is Cl Has a linear slutin t the key distributin prblem Symmetric crypt has an expnential slutin Send messages t peple yu dn t share a secret key with S nly they can read it They knw it came fr yu

Number Thery

Prime Numbers Definitin: An integer whse nly factrs are 1 and itself There are an infinite number f primes Hw many primes are there? Any large number n has abut a 1 in ln(n) chance f being prime

Prime Number Questins* If everyne needs a different prime number wn t we run ut? Apprximately 10 151 primes 512 bits (r less) Atms in the universe: 10 77 If every atm in the universe needed 1 billin primes every micrsecnd frm the beginning f time until nw yu wuld need 10 109 primes That means there s still abut 10 151 left What if tw peple pick the same prime? Odds are significantly less than the dds f yur cmputer spntaneusly cmbusting at the exact mment yu win the ltt Surce: Applied Cryptgraphy (Schneier)

Prime Number Questins* Culdn t smene create a database f all primes and use that t break public key crypt? Assuming yu culd stre 1 GB/gram, then the weight f a drive cntaining the 512-bit primes wuld exceed the Chandrasar limit and cllapse int a black hle Surce: Applied Cryptgraphy (Schneier)

Prime Factrizatin : The Fundamental Therem f Arithmetic All integers can be expressed as a prduct f (pwers f) primes 48 = 2 * 2 * 2 *2* 3 Factrizatin is the prcess f finding the prime factrs f a number This is a hard prblem fr large numbers

Greatest Cmmn Divisr (GCD) A.k.a., greatest cmmn factr The largest number that evenly divides tw numbers GCD (15, 25) = 5

Relatively Prime Tw numbers x and y are relatively prime if their GCD = 1 N cmmn factrs except 1 Example 38 and 55 are relatively prime 38 = 2 * 19 55 = 5 * 11

Mdular (%) Arithmetic Smetimes referred t as clck arithmetic r arithmetic n a circle Tw numbers a and b are said t be cngruent (equal) mdul N iff (a-b)/n=0 Their difference is divisible by N with n remainder Their difference is a multiple f N a%n º b%n Example: 30 and 40 are cngruent md 10 Mdul peratin Find the remainder (residue) 15 md 10 = 5

Ntatin Z - the set f integers { -2,-1,0,1,2 } Z n - the set f integers mdul n; {0..n-1} Z n * - the multiplicative grup f integers mdul n the set f integers mdul n that are relatively prime t n Z n * is clsed under multiplicatin md n Z n * des nt cntain 0 since the GCD(0,n)=n Z 10 * =? Z 12 * =? Z 14 * =?

Additive Inverse In Z, the additive inverse f 3 is -3, since 3 + -3 = 0, the additive identity. In Z n, the additive inverse f a is n-a, since a+(n-a) = n, which is cngruent t 0 (md n). What is the additive inverse f 4 md 10?

Multiplicative Inverse In Z, the multiplicative inverse f 3 is 1/3, since 3*1/3=1 The multiplicative identity in bth Z and Z n is 1 The multiplicative inverse f 3 md 10 is 7, since 3*7=21=1 (md 10) This culd be written 3-1, r (rarely) 1/3

Distributive Prperty Distributin in + and * Mdular arithmetic is distributive. a+b (md n) = (a md n) + (b md n) (md n)

Big Examples What is the sum f these numbers mdul 20? 1325104987134069812734109243861723406983176 1346139046817340961834764359873409884750983 3632462309486723465794078340898340923876314 3641346983862309587235093857324095683753245 + 2346982743069384673469268723406982374936877

Big Examples What is the prduct f these numbers mdul 25? 1234659823572938572 2139582753931306947 1398173619384713413 2496827464249812355 2436781359183781379 * 1351839761361377050

Mdular Expnentiatin Prblems f the frm c = b e md m given base b, expnent e, and mdulus m If b, e, and m are nn-negative and b < m, then a unique slutin c exists and has the prperty 0 c < m Fr example, 12 = 5 2 md 13 Mdular expnentiatin prblems are easy t slve, even fr very large numbers Hwever, slving the discrete lgarithm (finding e given c, b, and m) is believed t be difficult

Brute Frce Methd The mst straightfrward methd t calculating a mdular expnent is t calculate b e directly, then t take this number mdul m. Cnsider trying t cmpute c, given b = 4, e = 13, and m = 497: One culd use a calculatr t cmpute 4 13 ; this cmes ut t 67,108,864. Taking this value mdul 497, the answer c is determined t be 445. Nte that b is nly ne digit in length and that e is nly tw digits in length, but the value b e is 10 digits in length. In strng cryptgraphy, b is ften at least 256 binary digits (77 decimal digits). Cnsider b = 5 * 10 76 and e = 17, bth f which are perfectly reasnable values. In this example, b is 77 digits in length and e is 2 digits in length, but the value b e is 1304 decimal digits in length. Such calculatins are pssible n mdern cmputers, but the sheer enrmity f such numbers causes the speed f calculatins t slw cnsiderably. As b and e increase even further t prvide better security, the value b e becmes unwieldy. The time required t perfrm the expnentiatin depends n the perating envirnment and the prcessr. If expnentiatin is perfrmed as a series f multiplicatins, then this requires O(e) time t cmplete. Surce: wikipedia mdular expnentiatin

Diffie Hellman Prject Write yur wn mdular expnentiatin rutine Use a bignum library Divide and cnquer algrithm O(lg e)

Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange Allws tw users t establish a secret key ver an insecure medium withut any prir secrets Tw system parameters p and g. Public values that may be used by all the users in a system Parameter p is a large prime number Parameter g (usually called a generatr) is an integer less than p, such that fr every number n with 0 < n < p, there is a pwer k f g such that n = g k md p g is primitive rt

Diffie-Hellman Key Exchange Suppse Alice and Bb want t establish a shared secret key Alice and Bb agree n r use public values p,g p is a large prime number g is a generatr Alice generates a randm private value a and Bb generates a randm private value b where a and b are integers Alice and Bb derive their public values using parameters p and g and their private values Alice's public value = g a md p Bb s public value is g b md p Alice and Bb exchange their public values Alice cmputes g ba = (g b ) a md p Bb cmputes g ab = (g a ) b md p Since g ab = g ba = k, Alice and Bb nw have a shared secret key k

A Crwded Rm f a=50 5 50 % 47 = 14 Mathematicians 31 50 % 47 = 18 g=5 P=47 b=49 5 49 % 47 = 31 14 49 % 47 = 18 14 31

Why is DH Secure? Discrete lgarithm prblem Inverse f mdular expnentiatin c = b e md m e is called the discrete lgarithm Slving the discrete lgarithm (finding e given c, b, and m) is believed t be difficult fr large numbers

Attacks Against DH Diffie-Hellman Key Exchange is secure against a passive attacker Hw can an active attacker disrupt the prtcl? Man in the middle Mdify Alice/Bb public values as they are exchanged Replace with Mallry s public values Replace with the value 1 Replace with h, where h has a small rder

Practical Cnsideratins Chse a safe prime p where p=2q+1 where q is als prime Hw big shuld p be? 2048 bits (Surce: Cryptgraphy Engineering, Fergusn et al.) Use p, q, and g fr perfrmance reasns (smaller subgrup) Check public values fr security prperties Public values nt equal t 1 Public values that d nt belng in t small a grup Hash final result f DH t generate a shared key fr Alice/Bb Hw t frtify the prtcl against active attackers? Create a certified list f public values Use digitally signed public parameters

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback