Private Key Cryptography. Fermat s Little Theorem. One Time Pads. Public Key Cryptography

Similar documents
Combinatorics. But there are some standard techniques. That s what we ll be studying.

Combinatorics. Problem: How to count without counting.

Linear Congruences. The equation ax = b for a, b R is uniquely solvable if a 0: x = b/a. Want to extend to the linear congruence:

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Number theory (Chapter 4)

Lecture Notes, Week 6

Math.3336: Discrete Mathematics. Mathematical Induction

Lecture 1: Introduction to Public key cryptography

Simple Math: Cryptography

CPSC 467b: Cryptography and Computer Security

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

CPSC 467b: Cryptography and Computer Security

RSA RSA public key cryptosystem

8 Elliptic Curve Cryptography

My brief introduction to cryptography

Solutions to the Midterm Test (March 5, 2011)

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

CIS 551 / TCOM 401 Computer and Network Security

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

The RSA cryptosystem and primality tests

Cryptography. P. Danziger. Transmit...Bob...

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Mathematics of Public Key Cryptography

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013

Introduction to Modern Cryptography. Lecture RSA Public Key CryptoSystem 2. One way Trapdoor Functions

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Public-key Cryptography and elliptic curves

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

Great Theoretical Ideas in Computer Science

Public-Key Cryptosystems CHAPTER 4

9 Knapsack Cryptography

Discrete Mathematics GCD, LCM, RSA Algorithm

Chapter 8 Public-key Cryptography and Digital Signatures

CSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography

19. Coding for Secrecy

10 Modular Arithmetic and Cryptography

Jong C. Park Computer Science Division, KAIST

Introduction to Modern Cryptography. Benny Chor

Foundations of Network and Computer Security

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Introduction to Cryptography. Lecture 6

Elementary Number Theory MARUCO. Summer, 2018

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

OWO Lecture: Modular Arithmetic with Algorithmic Applications

CPSC 467b: Cryptography and Computer Security

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

Week 7 An Application to Cryptography

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Introduction to Public-Key Cryptosystems:

Lecture 11 - Basic Number Theory.

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online

Encryption: The RSA Public Key Cipher

download instant at

Biomedical Security. Some Security News 9/17/2018. Erwin M. Bakker. Blockchains are not safe for voting (slashdot.org) : From: paragonie.

Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30

You separate binary numbers into columns in a similar fashion. 2 5 = 32

One can use elliptic curves to factor integers, although probably not RSA moduli.

ASYMMETRIC ENCRYPTION

ORDERS OF ELEMENTS IN A GROUP

ECE596C: Handout #11

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Math Circles Cryptography

10 Concrete candidates for public key crypto

The Elliptic Curve in https

Powers in Modular Arithmetic, and RSA Public Key Cryptography

Introduction to Modern Cryptography. Benny Chor

Introduction to Elliptic Curve Cryptography. Anupam Datta

Homework 4 for Modular Arithmetic: The RSA Cipher

Topics in Cryptography. Lecture 5: Basic Number Theory

Public Key Encryption

Attempt QUESTIONS 1 and 2, and THREE other questions. penalised if you attempt additional questions.

Mathematical Foundations of Public-Key Cryptography

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Public Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.

1 The Fundamental Theorem of Arithmetic. A positive integer N has a unique prime power decomposition. Primality Testing. and. Integer Factorisation

Public-key Cryptography and elliptic curves

Cryptography: Joining the RSA Cryptosystem

CS March 17, 2009

Public-Key Encryption: ElGamal, RSA, Rabin

Theory of Computation Chapter 12: Cryptography

Cryptography. pieces from work by Gordon Royle

RECOGNIZING GALOIS GROUPS S n AND A n

Chapter 4 Asymmetric Cryptography

Asymmetric Cryptography

Notes 10: Public-key cryptography

Number Theory A focused introduction

University of New Mexico Department of Computer Science. Midterm Examination. CS 261 Mathematical Foundations of Computer Science Spring, 2010

basics of security/cryptography

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

CRYPTOGRAPHY AND NUMBER THEORY

ENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange

Public Key Algorithms

Public Key Cryptography

Eindhoven University of Technology MASTER. Kleptography cryptography with backdoors. Antheunisse, M. Award date: 2015

Transcription:

Fermat s Little Theorem Private Key Cryptography Theorem 11 (Fermat s Little Theorem): (a) If p prime and gcd(p, a) = 1, then a p 1 1 (mod p). (b) For all a Z, a p a (mod p). Proof. Let A = {1, 2,..., p 1} B = {1a mod p, 2a mod p,..., (p 1)a mod p} Claim: A = B. 0 / B, since p ja, so B A. If i j, then ia mod p ja mod p since p (j i)a Thus B = p 1, so A = B. Therefore, Π i A i Π i B i (mod p) (p 1)! a(2a) (p 1)a = (p 1)! a p 1 (mod p) p (a p 1 1)(p 1)! p (a p 1 1) [since gcd(p, (p 1)!) = 1] a p 1 1 (mod p) It follows that a p a (mod p) This is true even if gcd(p, a) 1; i.e., if p a Why is this being taught in a CS course? 1 Alice (aka A) wants to send an encrypted message to Bob (aka B). A and B might share a private key known only to them. The same key serves for encryption and decryption. Example: Caesar s cipher f(m) = m + 3 mod 26 (shift each letter by three) WKH EXWOHU GLG LW THE BUTLER DID IT This particular cryptosystem is very easy to solve Idea: look for common letters (E, A, T, S) 2 One Time Pads Public Key Cryptography Some private key systems are completely immune to cryptanalysis: A and B share the only two copies of a long list of random integers s i for i = 1,..., N. A sends B the message {m i } n i=1 encrypted as: c i = (m i + s i ) mod 26 B decrypts A s message by computing c i s i mod 26. The good news: bulletproof cryptography The bad news: horrible for e-commerce How do random users exchange the pad? Idea of public key cryptography (Diffie-Hellman) Everyone s encryption scheme is posted publically e.g. in a telephone book If A wants to send an encoded message to B, she looks up B s public key (i.e., B s encryption algorithm) in the telephone book But only B has the decryption key corresponding to his public key BIG advantage: A need not know nor trust B. There seems to be a problem though: If we publish the encryption key, won t everyone be able to decrypt? Key observation: decrypting might be too hard, unless you know the key Computing f 1 could be much harder than computing f Now the problem is to find an appropriate (f, f 1 ) pair for which this is true Number theory to the rescue 3 4

RSA: Key Generation RSA: Sending encrypted messages Generating encryption/decryption keys Choose two very large (hundreds of digits) primes p, q. This is done using probabilistic primality testing Choose a random large number and check if it is prime By the prime number theorem, there are lots of primes out there Let n = pq. Choose e N relatively prime to (p 1)(q 1). Here s how: Choose e 1, e 2 prime and about n One must be relatively prime to (p 1)(q 1) Otherwise e 1 e 2 (p 1)(q 1) Find out which one using Euclid s algorithm Compute d, the inverse of e modulo (p 1)(q 1). Can do this using using Euclidean algorithm Publish n and e (that s your public key) Keep the decryption key d to yourself. How does someone send you a message? The message is divided into blocks each represented as a number M between 0 and n. To encrypt M, send C = M e mod n. Need to use fast exponentiation (2 log(n) multiplications) to do this efficiently Example: Encrypt stop using e = 13 and n = 2537: s t o p 18 19 14 15 1819 1415 1819 13 mod 2537 = 2081 and 1415 13 mod 2537 = 2182 so 2081 2182 is the encrypted message. We did not need to know p = 43, q = 59 for that. 5 6 Digital Signatures Probabilistic Primality Testing How can I send you a message in such a way that you re convinced it came from me (and can convince others). Want an analogue of a certified signature Cool observation: To sign a message M, send M d (mod n) where (n, e) is my public key Recipient (and anyone else) can compute (M d ) e M (mod n), since M is public No one else could have sent this message, since no one else knows d. RSA requires really large primes. This requires testing numbers for primality. Although there are now polynomial tests, the standard approach now uses probabilistic primality tests Main idea in probabilistic primality testing algorithm: Choose b between 1 and n at random Apply an easily computable (deterministic) test T (b, n) such that T (b, n) is true (for all b) if n is prime. If n is composite, there are lots of b s for which T (b, n) is false Example: Compute gcd(b, n). If n is prime, gcd(b, n) = 1 If n is composite, gcd(b, n) 1 for some b s Problem: there may not be that many witnesses 7 8

Example: Compute b n 1 mod n If n is prime b n 1 1 (mod n) (Fermat) Unfortunately, there are some composite numbers n such that b n 1 1 (mod n) These are called Carmichael numbers There are tests T (b, n) with the property that T (b, n) = 1 for all b if n is prime T (b, n) = 0 for at least 1/3 of the b s if n is composite T (b, n) is computable quickly (in polynomial time) Constructing T requires a little more number theory Beyond the scope of this course. Given such a test T, it s easy to construct a probabilistic primality test: Choose 100 (or 200) b s at random Test T (b, n) for each one If T (b, n) = 0 for any b, declare b composite This is definitely correct If T (b, n) = 1 for all b s you chose, declare n prime This is highly likely to be correct Security is Subtle There are lots of ways of misapplying RSA, even assuming that factoring is hard. The public key n = pq, the product of two large primes How do you find the primes? Guess a big odd number n 1, check if it s prime If not, try n 1 + 2, then n 1 + 4,... Within roughly log(n 1 ) steps, you should find a prime; How do you find the second prime? Guess a big odd number n 2, check if it s prime... Suppose, instead, you started with the first prime (call it p), and checked p + 2, p + 4, p + 6,..., until you found another prime q, and used that. Is that a good idea? NO!!! If n = pq, then p is the first prime less than n, and q is the first prime greater than n. You can find both easily! 9 10 More to Explore Combinatorics If you like number theory, consider taking MATH 332: Algebra and Number Theory If you re interested in cryptography, try CS 487: Introduction to Cryptography For a brief introduction to some current number theory, check out http://math.arizona.edu/ mcleman/coolnumbers/coolnumbers. The Ten Coolest Numbers thanks to Rob Tirrell for pointing this out Problem: How to count without counting. How do you figure out how many things there are with a certain property without actually enumerating all of them. Sometimes this requires a lot of cleverness and deep mathematical insights. But there are some standard techniques. That s what we ll be studying. 11 12

Sum and Product Rules Example 1: In New Hampshire, license plates consisted of two letters followed by 3 digits. How many possible license plates are there? Answer: 26 choices for the first letter, 26 for the second, 10 choices for the first number, the second number, and the third number: 26 2 10 3 = 676, 000 Example 2: A traveling salesman wants to do a tour of all 50 state capitals. How many ways can he do this? Answer: 50 choices for the first place to visit, 49 for the second,... : 50! altogether. Chapter 4 gives general techniques for solving counting problems like this. Two of the most important are: The Sum Rule: If there are n(a) ways to do A and, distinct from them, n(b) ways to do B, then the number of ways to do A or B is n(a) + n(b). This rule generalizes: there are n(a) + n(b) + n(c) ways to do A or B or C In Section 4.8, we ll see what happens if the ways of doing A and B aren t distinct. The Product Rule: If there are n(a) ways to do A and n(b) ways to do B, then the number of ways to do A and B is n(a) n(b). This is true if the number of ways of doing A and B are independent; the number of choices for doing B is the same regardless of which choice you made for A. Again, this generalizes. There are n(a) n(b) n(c) ways to do A and B and C 13 14 Some Subtler Examples Example 3: If there are n Senators on a committee, in how many ways can a subcommittee be formed? Two approaches: 1. Let N 1 be the number of subcommittees with 1 senator (n), N 2 the number of subcommittees with 2 senator (n(n 1)/2),... According to the sum rule: Each senator is either in the subcommittee or out of it: 2 possibilities for each senator: 2 2 2 = 2 n choices altogether General moral: In many combinatorial problems, there s more than one way to analyze the problem. N = N 1 + N 2 + + N n It turns out that N k = n! k!(n k)! (n choose k); this is discussed in Section 4.4 A subtlety: What about N 0? Do we allow subcommittees of size 0? How about size n? The problem is somewhat ambiguous. If we allow subcommittees of size 0 and n, then there are 2 n subcommittees altogether. This is the same as the number of subsets of the set of n Senators: there is a 1-1 correspondence between subsets and subcommittees. 2. Simpler method: Use the product rule! 15 16

How many ways can the full committee be split into two sides on an issue? This question is also ambiguous. If we care about which way each Senator voted, then the answer is again 2 n : Each subcommittee defines a split + vote (those in the subcommittee vote Yes, those out vote No); and each split + vote defines defines a subcommittee. If we don t care about which way each Senator voted, the answer is 2 n /2 = 2 n 1. This is an instance of the Division Rule. Coping with Ambiguity If you think a problem is ambiguous: 1. Explain why 2. Choose one way of resolving the ambiguity 3. Solve the problem according to your interpretation Make sure that your interpretation doesn t render the problem totally trivial 17 18 More Examples Example 4: How many legal configurations are there in Towers of Hanoi with n rings? Answer: The product rule again: Each ring gets to vote for which pole it s on. Once you ve decided which rings are on each pole, their order is determined. The total number of configurations is 3 n Example 5: How many distinguishable ways can the letters of computer be arranged? How about discrete? For computer, it s 8!: 8 choices for the first letter, for the second,... Is it 8! for discrete? Not quite. There are two e s Suppose we called them e 1, e 2 : There are two versions of each arrangement, depending on which e comes first: discre 1 te 2 is the same as discre 2 te 1. Thus, the right answer is 8!/2! Division Rule: If there is a k-to-1 correspondence between of objects of type A with objects of type B, and there are n(a) objects of type A, then there are n(a)/k objects of type B. A k-to-1 correspondence is an onto mapping in which every B object is the image of exactly k A objects. 19 20

Permutations Combinations A permutation of n things taken r at a time, written P (n, r), is an arrangement in a row of r things, taken from a set of n distinct things. Order matters. Example 6: How many permutations are there of 5 things taken 3 at a time? Answer: 5 choices for the first thing, 4 for the second, 3 for the third: 5 4 3 = 60. If the 5 things are a, b, c, d, e, some possible permutations are: In general P (n, r) = abc abd abe acb acd ace adb adc ade aeb aec aed... n! = n(n 1) (n r + 1) (n r)! A combination of n things taken r at a time, written C(n, r) or ( ) n r ( n choose r ) is any subset of r things from n things. Order makes no difference. Example 7: How many ways are there of choosing 3 things from 5? Answer: If order mattered, then it would be 5 4 3. Since order doesn t matter, are all the same. abc, acb, bac, bca, cab, cba For way of choosing three elements, there are 3! = 6 ways of ordering them. Therefore, the right answer is (5 4 3)/3! = 10: In general C(n, r) = abc abd abe acd ace ade bcd bce bde cde n! = n(n 1) (n r + 1)/r! (n r)!r! 21 22 More Examples 0! Example 8: How many full houses are there in poker? A full house has 5 cards, 3 of one kind and 2 of another. E.g.: 3 5 s and 2 K s. Answer: You need to find a systematic way of counting: Choose the denomination for which you have three of a kind: 13 choices. Choose the three: C(4, 3) = 4 choices Choose the denomination for which you have two of a kind: 12 choices Choose the two: C(4, 2) = 6 choices. Altogether, there are: 13 4 12 6 = 3744 choices It s useful to define 0! = 1. Why? 1. Then we can inductively define (n + 1)! = (n + 1)n!, and this definition works even taking 0 as the base case instead of 1. 2. A better reason: Things work out right for P (n, 0) and C(n, 0)! How many permutations of n things from n are there? P (n, n) = n! (n n)! = n! 0! = n! How many ways are there of choosing n out of n? 0 out of n? n = n! n n!0! = 1 n = n! 0 0!n! = 1 23 24

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback